Alert: Oracle Java 7 Security Manager Bypass Vulnerability

A vulnerability in the Java Security Manager allows a Java applet to grant itself permission to execute arbitrary code. An attacker could use social engineering techniques to entice a user to visit a link to a website hosting a malicious Java applet. An attacker could also compromise a legitimate web site and upload a malicious Java applet (a "drive-by download" attack).

Any web browser using the Java 7 plug-in is affected. The Java Deployment Toolkit plug-in and Java Web Start can also be used as attack vectors.

Reports indicate this vulnerability is being actively exploited, and exploit code is publicly available.

Source: http://www.us-cert.gov/cas/techalerts/TA13-010A.html

Oracle Java 7 Security Manager Bypass Vulnerability

Further technical details are available in Vulnerability Note VU#625617.

Vulnerability Note VU#625617: Java 7 fails to restrict access to privileged code

To disable Java in browser, read:

• How do I test whether Java is working?
• Disable Java in Chrome
• Disable Java in Firefox
• Disable Java in all browser using Java Control Panel
• Run Java Control Panel on Windows 8
• Updated: Oracle official release Security Alert for US-CERT Alert, and update available
• US-CERT updated Java flaw affected system add OpenJDK and IcedTea, and added fix information per Java 7u11 release