A major security flaw in Java 7 may affect users of Windows, OS X (Mac) and Linux if they have the Oracle program installed. The attack can be triggered via any browser and can therefore potentially affect any operating system.
According to the ESET laboratory, “it all started with the publication of an article on the FireEye blog, which warned of the existence of an exploit that was being actively exploited”.
Meanwhile, Metasploit's engineering manager, Tod Beardsley, described the attack as “super dangerous”.
ESET claims that “the severity of this vulnerability is further aggravated after finding that Oracle has not released, nor plans to release soon, a security update that resolves it.” “The next round of updates to the Java software is scheduled for October,” it said, and added that “even if Oracle decides to release a patch out of cycle, it would still take a few days, more than enough time to infect millions of machines”.
The exploits discovered (pieces of software that aim to breach security in order to gain access to a computer) have been directed only at Windows users; however, this does not mean they cannot affect other operating systems (Linux and OS X).
For OS X Lion and Mountain Lion there is, to begin with, a modest level of protection, since Java is not installed by default on these operating systems.
However, it is still possible to have Java installed on OS X Lion and Mountain Lion after accepting the license that prompts the user to download the software from Oracle.
Meanwhile, users of Leopard and Snow Leopard, whose computers come with Java preinstalled, do face an increased risk from the Java 7 exploit discovered by Beardsley.
Apple still maintains Java 6 on its computers and, says Beardsley, “the vulnerability is not in Java 6, but in new functionality in Java 7”. So Mac users can rest easy if they have the previous version of Java, provided they take special care if they are asked to download Java 7.
For now, the only possible recommendation is to disable Java altogether in all the browsers we use. The security blog Security by Default and the Internet User Security Bureau have published the necessary steps to do so.