(Reuters) - Computer users are being advised by security experts to disable Oracle Corp’s widely used Java software after a security flaw was discovered in the past day that they say hackers are exploiting to attack computers.
“Java is a mess. It’s not secure,” said Jaime Blasco, Labs Manager with AlienVault Labs. “You have to disable it.”
Java, which is installed on hundreds of millions of PCs around the globe, is a computer language that enables programmers to write software using just one set of code that will run on virtually any type of computer.
It is used so that Web developers can make sites accessible from browsers running on Microsoft Corp Windows PCs or Macs from Apple Inc.
Computer users access those programs through modules, or plug-ins, that run Java software on top of browsers such as Internet Explorer and Firefox.
Three computer security experts told Reuters on Thursday that computer users should disable those Java modules to protect themselves from attack.
A spokeswoman for Oracle said she could not immediately comment on the matter.
“This is like open hunting season on consumers,” said HD Moore, chief security officer with Rapid7, a company that helps businesses identify critical security vulnerabilities in their networks.
Moore said machines running on Mac OS X, Linux or Windows all appear to be vulnerable to attack.
Marc Maiffret, chief technology officer with BeyondTrust, said that businesses may need to keep using Java to access some websites and Internet-based programs that run on the technology.
“The challenge is mainly for businesses, however, which have to use it for some applications,” he said. “Oracle simply needs to do a lot more to secure Java and get their act together.”
Security experts said the risk of attack is currently high because developers of several popular tools known as exploit kits that criminals use to attack PCs have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.
Reporting By Jim Finkle