Security experts suggest disabling Java software in web browsers following a discovery of a flaw that can be used to spread malware.
Internet security firm FireEye has discovered a new Java zero-day vulnerability, which is being used against systems by hackers. The company warns that until Oracle provides an update, most Java users online will be at risk.
“A successful exploit attempt can result in a dropper (Dropper.MsPMs) getting installed on infected systems,” reads FireEye’s report.
“Dropper.MsPMs further talks to its own CnC domain hello.icon.pk which is currently resolving to an IP address 223.25.233.244 located in Singapore.”
Atif Mushtaq of FireEye has said that a number of hacked websites were being used to exploit and install malware onto Windows machines, although Apple Macs could also be targeted.
Java 6 is installed by default on Macs, which is unaffected by the flaw, but if users have decided to upgrade to Java 7 they could be at risk.
At the time of writing there is no date announced for an emergency update patch and Oracle’s Java blog has not been updated since August 23rd.

http://www.pcr-online.biz/news/read/...systems/029038