A critical security bug has been found that affects all versions of Java 7, including fully updated installations. Until a Java update that fixes the problem is available, it is best to uninstall or disable Java on your computer. Here’s how to do it, depending on your browser and Java version.
Problem: Java 7 Security Bug
Exploitation of this vulnerability is reportedly already widespread online. From Ars Technica:
Miscreants use these products to turn compromised websites into platforms for silently installing keyloggers and other types of malicious software on the computers of unsuspecting visitors.
“There appears to be multiple ad networks redirecting to Blackhole sites, amplifying the mass exploitation problem,” Kaspersky Lab expert Kurt Baumgartner wrote. “We have seen ads from legitimate sites, especially in the UK, Brazil, and Russia, redirecting to domains hosting the current Blackhole implementation delivering the Java 0day. These sites include weather sites, news sites, and of course, adult sites.”
Oracle is set to release 86 patches for various software products on January 15, but Java does not appear to be on the list at this time.
So for now at least, you can disable Java in your browser, or you can uninstall Java from your computer.
Solution: Uninstall or Disable Java
Disable Java in all browsers: If you have Java version 7 update 10, or a newer version, you can disable Java in all browsers through the control panel, without uninstalling. In the security tab of the Java Control Panel, un-check “Enable Java content in the browser” and click OK.
Disable Java in Google Chrome: In the main menu, go to Chrome “Settings”. In the “search settings” box on the upper right, type “java”. Click on “Content Settings”, then scroll down to “Plug-ins” and click “disable individual plug-ins”. Then click “disable” for the Java plug-in.
Disable Java in Firefox: In the main menu, go to “Add-ons”. Select the “Plugins” tab to display the installed Firefox plugins. Click “disable” for any plugin with a title that includes “Java”. Note that Firefox users are already protected from this and other Java bugs by Firefox’s Click To Play, which does not load the Java plugin unless the user clicks to enable the plugin when visiting a website. Of course, disabling Java from the plugins list will prevent Java from loading at all.
Disable Java in Internet Explorer: Prior to Java 7 update 10, it is not as straightforward to disable Java in Internet Explorer. Further steps can be found here.
Uninstall Java in Windows: In the Windows Control Panel, go to “uninstall a program”. Select listings of Java version 7, and click “uninstall”.
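Which of the steps above applies depends on the installed Java 7 update. The following Python is an added example, not part of the original article: it parses `java -version` output and, for update 10 or newer, reads the `deployment.webjava.enabled` key from the contents of a `deployment.properties` file. That key as the setting behind the Control Panel checkbox, its default of enabled, and all sample inputs are assumptions not taken from the article.

```python
import re

# First line of `java -version` for 1.x version strings, e.g. java version "1.7.0_10".
# The "_NN" update suffix is absent on the initial release (treated as update 0).
VERSION_RE = re.compile(r'version "1\.(\d+)\.\d+(?:_(\d+))?')

def parse_java_version(version_output):
    """Return (major, update), or None if no 1.x version string is found."""
    m = VERSION_RE.search(version_output)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2) or 0)

def web_java_enabled(properties_text):
    """Read deployment.webjava.enabled; assumed to default to enabled when absent."""
    enabled = True
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#") and key.strip() == "deployment.webjava.enabled":
            enabled = value.strip().lower() != "false"
    return enabled

def recommend(version_output, properties_text=""):
    """Map one machine's state to the mitigation the article gives for it."""
    parsed = parse_java_version(version_output)
    if parsed is None:
        return "unknown: no Java version string found"
    major, update = parsed
    if major != 7:
        return "out of scope: article covers Java 7 only"
    if update < 10:
        return "disable the plug-in per browser, or uninstall Java 7"
    if web_java_enabled(properties_text):
        return "un-check 'Enable Java content in the browser' in the Java Control Panel"
    return "browser Java already disabled in the Java Control Panel"

if __name__ == "__main__":
    # Constructed sample inputs, not captured from real machines.
    samples = [
        ('java version "1.7.0_09"', ""),
        ('java version "1.7.0_10"', "deployment.webjava.enabled=true"),
        ('java version "1.7.0_10"', "#comment\ndeployment.webjava.enabled=false"),
    ]
    for out, props in samples:
        print(out, "->", recommend(out, props))
```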