According to foreign security research institutions, the current Java version contains a serious security vulnerability, which may cause the computer to be infected when accessing a specific webpage with malicious code.
It is reported that the vulnerability has been exploited by hackers and is currently only targeted attacks. However, a vulnerability has begun to flow, so it is possible that a large wave of attacks will soon emerge.
So far, targeted attacks are known to be exploiting this vulnerability to install the Poison Ivy Trojan, which is hosted on a server located in Singapore.
This vulnerability affects all Java 7.x branch versions. During the test, all mainstream Windows browsers may be exploited and infected, including Chrome. It is said that the vulnerability also exists in Apple's latest Mountain Lion operating system.
Currently, users who have installed Java in the system should disable the browser plug-in, or simply remove the Java Plug-in, at least until Oracle releases the patch. When the browser plug-in is disabled, the local Java application can still be used normally.
Oracle has not commented on the vulnerability, so it is unknown whether the vulnerability has been fixed. According to the plan, the next version of Java 7 will be released on July 15, October 16, and may contain patches related to this vulnerability.
Via TheH