Computer Users Should Disable Java 7 Due To Security Flaw, Experts Say

http://www.npr.org/blogs/thetwo-way/2013/01/11/169156325/computer-users-should-disable-java-7-due-to-security-flaw-experts-say

Millions of computer users who run the most recent versions of Oracle's Java software should disable the product due to security flaws, says the cybersecurity section of the Department of Homeland Security. The agency says, "Web browsers using the Java 7 plug-in are at high risk."

For our Newscast desk, Steve Henn filed a report from Silicon Valley in which he says that "in the last few months security researchers have discovered a series of bugs that can allow bad actors to take over machines that running Java in a web browsers and steal your identity."

Those bugs can be exploited to allow hackers' programs to give themselves full security privileges, according to a "vulnerability note" posted by Carnegie Mellon University's CERT computer security site.

"Oracle Java 7 update 10 and earlier are affected," the notice says. It adds that the only known solution is to "disable Java in web browsers."