US Department of Homeland Security advises disabling Java following fresh zero-day vulnerability


A new Trojan horse has been discovered that exploits a flaw found in Java, leaving computers running Windows, Mac OS, and Linux vulnerable to attack. Mal/JavaJar-B allows attackers to remotely trigger code once it infects a system, potentially leading to the installation of malware, or even ransomware. Oracle hasn’t yet patched the vulnerability, which targets even the latest version of Java.

US-CERT recommends that users disable Java in web browsers

The issue is so large that the Computer Emergency Readiness Team at the Department of Homeland Security has urged users to disable Java. The governmental organization says in a release that the vulnerability "is being actively exploited" and that "exploit code is publicly available." US-CERT recommends that Java be disabled in the browser until an update is pushed out by Oracle.

In fact, Apple has already taken those very steps for Mac OS X users. The company has pushed a revision to its Xprotect.plist blacklist that updates the minimum required version of Java to a future version that hasn’t yet been released. The vulnerability works across all Java plug-in versions up to 1.7.0_10-b18, with Apple updating its blacklist to require b19. As a result, the anti-malware service installed on Mac OS X prevents the Java browser plug-in from running at all.
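The minimum-version gate described above can be sketched as follows. This is an added example, not Apple's code or part of the original article; it assumes version strings in the article's `1.7.0_10-b18` notation, and the function names and inventory are hypothetical.

```python
import re

# Legacy Java version notation as used in the article: "1.7.0_10-b18"
# = major.minor.micro, optional _update, optional -bBUILD.
_JAVA_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_(\d+))?(?:-b(\d+))?$")

# Minimum build the article says the updated blacklist requires (b19).
MINIMUM_REQUIRED = "1.7.0_10-b19"


def parse_java_version(text):
    """Return (major, minor, micro, update, build) as a tuple of integers."""
    match = _JAVA_VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    # A missing update or build field is treated as 0.
    return tuple(int(part) if part is not None else 0 for part in match.groups())


def plugin_is_blocked(installed, minimum_required=MINIMUM_REQUIRED):
    """True when the installed plug-in is older than the required minimum.

    Fields are compared numerically. A plain string comparison would rank
    "1.7.0_9" above "1.7.0_10" and wrongly allow the older update.
    """
    return parse_java_version(installed) < parse_java_version(minimum_required)


def audit(inventory, minimum_required=MINIMUM_REQUIRED):
    """Map host -> blocked flag; unparsable versions fail closed (blocked)."""
    results = {}
    for host, version in inventory.items():
        try:
            results[host] = plugin_is_blocked(version, minimum_required)
        except ValueError:
            results[host] = True
    return results


# Constructed sample inventory (hypothetical hosts and plug-in versions).
SAMPLE_INVENTORY = {
    "host-a": "1.7.0_10-b18",   # latest build at the time: blocked
    "host-b": "1.7.0_9-b05",    # older update: blocked
    "host-c": "1.7.0_10-b19",   # meets the minimum: allowed
    "host-d": "unknown",        # cannot be parsed: blocked
}

if __name__ == "__main__":
    for host, blocked in audit(SAMPLE_INVENTORY).items():
        print(host, "blocked" if blocked else "allowed")
```

Because the required minimum is a build that has not been released, every installed plug-in fails the comparison, which is how a version check ends up disabling the plug-in outright.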

The Verge