Disabling the Java plugin
A new vulnerability was recently discovered in the Java Plugin on your browser that may allow malicious code from the internet to do unintended harm on your PC.
Don’t be alarmed – the chances for that to happen are low, but you should disable the plugin until the issue is resolved. With Soluto, you can disable it in just 1 click.
Need more info? Read our explanation below of how browsers work, what you should know about the Java Plugin, and why you should disable it right now.
What are web browsers and plugins?
A web browser is an application for viewing and interacting with web pages. The three most popular browsers in the world are Internet Explorer, Google Chrome and Mozilla Firefox. You type an Internet address, called a URL, into the browser; the browser then queries the internet with that URL and receives a web page in return, which it shows you. The web page is described in a language called HTML.
One important aspect of this conversation is that responses can contain different types of content. For example, a web page described in HTML can contain text, images, embedded videos and more. Some of these, like text and images, are automatically recognized by the browser, while others require a special add-on called a “plugin” for the browser to be able to understand them.
The actual querying process and the way the response is received (described above) are quite complex; for those interested we recommend diving into this Wikipedia article.
What is Java?
Java is a programming language that allows software developers to build applications. One way to use Java is to serve small applications within web pages. These applications are called “Applets”, and they aren’t very common anymore. Since browsers cannot naturally digest Java applets received in web pages, most people have a “Java Plugin” installed on their browser, to be able to digest those applets. So although this is not a very common usage scenario, most people have the mechanism allowing them to digest Java Applets via a plugin.
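For readers who want to see what an embedded applet looks like inside a page, here is an added example (not part of the original article and not Soluto's code) that scans a page's HTML for the tags that cause a browser to hand content to the Java Plugin. The names `AppletFinder` and `find_applets` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser

# MIME types registered by the Java Plugin, and the ActiveX class ID that
# Internet Explorer uses to load the same plugin.
JAVA_MIME_PREFIXES = ("application/x-java-applet", "application/x-java-vm",
                      "application/x-java-bean")
JAVA_CLASSID = "clsid:8ad9c840-044e-11d1-b3e9-00805f499d93"


class AppletFinder(HTMLParser):
    """Collects every tag that would make a browser start the Java Plugin."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag name, reason)

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "").strip() for name, value in attrs}
        mime = a.get("type", "").lower()
        classid = a.get("classid", "").lower()
        reason = None
        if tag == "applet":
            reason = "applet code=" + (a.get("code") or a.get("archive") or "?")
        elif tag in ("object", "embed"):
            if mime.startswith(JAVA_MIME_PREFIXES):
                reason = "type=" + mime
            elif classid == JAVA_CLASSID or classid.startswith("java:"):
                reason = "classid=" + classid
        if reason:
            self.findings.append((self.getpos()[0], tag, reason))


def find_applets(html):
    """Return a list of (line, tag, reason) for each Java embed in the HTML."""
    finder = AppletFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: three Java embeds, plus content that needs no Java.
SAMPLE_PAGE = """<html><body>
<p>Plain text and <img src="logo.png"> need no plugin.</p>
<applet code="Clock.class" width="200" height="100"></applet>
<object type="application/x-java-applet;version=1.6" width="200"></object>
<object classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"></object>
<embed type="application/x-shockwave-flash" src="movie.swf">
</body></html>"""

if __name__ == "__main__":
    for line, tag, reason in find_applets(SAMPLE_PAGE):
        print(f"line {line}: <{tag}> would start the Java Plugin ({reason})")
```

With the Java Plugin disabled, the browser skips these three elements and the rest of the page still displays normally.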
What is this Java plugin vulnerability?
Hackers have found a way to create web pages containing an “infected” Java Applet that tricks the Java Plugin in your browser into giving it access to various important areas on your PC. Typically, a Java Applet running inside a web browser cannot access your files and is very limited in its effect on your PC. This vulnerability allows the infected applet to gain full access to your PC, effectively allowing a hacker to have full access to it.
According to the US Computer Emergency Readiness Team (CERT), this vulnerability has been packaged and published on the web, so that every hacker can now easily replicate it and use it for malicious purposes. The US government considered it an important enough vulnerability to warn everyone, and published an official announcement on the US CERT site.
Oracle (the owner of Sun, the creators of Java) published an emergency fix; however, most researchers agree the issue has not been completely resolved yet. The US CERT maintains its recommendation to disable Java for now.
What’s the process by which I can get hacked?
You get hacked by unknowingly browsing to a web page containing an infected applet. Chances are that large common web sites will not contain any such malicious code, so it’s safe to keep going to the large sites you’re used to going to. We advise you to be wary of invitations to visit sites with which you aren’t familiar. This is because hackers use the Java plugin to access your machine by inviting you to visit a page, possibly through a Facebook message or email, and when you click the link you’re automatically hacked. For the time being, until the issue is resolved, please be extra careful about clicking links you’re not familiar with.
What should I do right now?
For now, you should disable the Java plugin on all your browsers using Soluto.
When will it be safe to install the Java plugin again?
Soluto will let you know once a fix is released, and how you can enable Java again.