Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.
Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.
Source: http://www.us-cert.gov/cas/techalerts/TA13-010A.html
Oracle Java 7 Security Manager Bypass Vulnerability |
Further technical details are available in Vulnerability Note VU#625617.
Vulnerability Note VU#625617: Java 7 fails to restrict access to privileged code |
To disable Java in browser, read:
- How do I test whether Java is working?
- Disable Java in Chrome
- Disable Java in Firefox
- Disable Java in all browser using Java Control Panel
- Run Java Control Panel on Windows 8
- Updated: Oracle official release Security Alert for US-CERT Alert, and update available
- US-CERT updated Java flaw affected system add OpenJDK and IcedTea, and added fix information per Java 7u11 release