Following a warning published on this website almost a month ago about security vulnerabilities in Java, researchers have discovered another critical flaw which could cause users major problems. If you have Java installed on your machine – which is highly likely – you may want to consider disabling or removing it until a fix is made available and downloaded.
According to Polish firm Security Explorations, the vulnerability could allow attackers to bypass the security sandbox in Java SE (Standard Edition) 5, 6 and 7, which can currently be found on nearly a billion machines around the world. The firm warns that this Java bug is even more serious than the last critical vulnerability, for which Oracle, the software's developer, issued a patch. It could be exploited using all of the major internet browsers: Chrome, Firefox, Internet Explorer, Opera and Safari. A visit to a maliciously crafted website could enable attackers to gain total control of your PC.
Security Explorations has warned Oracle about the vulnerability and provided its proof-of-concept exploit code. It is hoped that the software giant will be able to develop a patch for its scheduled Java Critical Patch Update on 16 October.