Yup, there’s another Java vulnerability you should know about. Researchers from security firm FireEye are warning users of yet another new Java zero-day vulnerability.
According to a blog post published yesterday (via IDG), browsers running Java v1.6 Update 41 and Java v1.7 Update 15 are currently vulnerable to a malware attack that installs a remote access tool known as McRAT. The exploit is reportedly different from the one used to attack Facebook, Twitter, Apple and several other companies last month.
FireEye recommends disabling Java until Oracle addresses the issue, saying: “We have notified Oracle and will continue to work with Oracle on this in-the-wild discovery. Since this exploit affects the latest Java 6u41 and Java 7u15 versions, we urge users to disable Java in your browser until a patch has been released; alternatively, set your Java security settings to “High” and do not execute any unknown Java applets outside of your organization.”
Safari users: To disable Java in the Safari browser: Go to Preferences>Security. Then make sure “Enable Java” is unchecked.
Instructions on how to uninstall Java on a Mac can be found on the Oracle website.