When the Homeland Security folks get into the mix and urge all computer users to disable Java in their browsers, you know it’s serious. Indeed, the exploit announced yesterday seems to affect all operating systems, including Linux, and it’s already being exploited. According to Trend Micro the flaw is already being used by blackhat toolkits mainly to distribute ransomware. In a blog posted yesterday, the company advises all users to disable or uninstall Java:
To prevent this exploit, and subsequently the related payload, we recommend users to consider if they need Java in their systems. If it is needed, users must use the security feature to disable Java content via the Java Control Panel, that shipped in the latest version of Java 7. The said feature disables Java content in webpages. If Java content is not needed, users may opt to uninstall Java as it can pose certain security risk.
To disable Java in Firefox go to Tools>Add-ons. In Chrome or Chromium type “chrome://plugins” in the address bar and press Enter. This will bring up a list of installed programs, from which Java can be disabled. Java is disabled in Epiphany through Edit>Preferences>Privacy–more information is available on Gnome’s website. Remove Java from Konqueror through Settings>Configure-Konqueror. A step-by-step can be found here. In Opera, access the plugin manager by entering “opera:plugins” in the address bar.
So far there’s been no news from Oracle on when a fix to this problem can be expected. My guess is we’ll hear nothing from them until they have a fix they’re ready to push.