New remote code exploit discovered in Java 7 Update 10.
A new vulnerability in the Java platform has emerged this week, dubbed Mal/JavaJar-B. According to a post by security company Sophos, the vulnerability could allow a remote user to run code on an affected machine.
The code has so far been seen infecting Windows and Unix systems running Java 7 Update 10, and no patch has yet been released to address it. At the moment the recommended workaround is to disable Java in your browser completely, or to change your Java security settings to ‘High’.
In a related blog post about the exploit, Mozilla, makers of the popular web browser Firefox, stated that they’ve enabled the ‘Click to Play’ feature of Firefox, which prompts users before running any Java plugins or code.