Java Release 7 Update 11 (released January 13, 2013) fixes this issue.
More info here.
US Department of Homeland Security is advising computer uses to temporarily disable their browsers’ Java Plugin(s). This comes after after Thursday’s advisory concerning vulnerabilities in the current Java 7 Release 10 plugin.
Experts believe hackers have found a flaw in Java’s coding that creates an opening for criminal activity and other high-tech mischief.
How to disable Java plugin on your browser:
- Firefox: in the address bar type about:addons and press enter. The add-ons manager will open. On the left side select Plugins. Locate the plugins you want to disable and click the Disable button. Note: a browser restart may be needed
- Chrome: in the address bar type chrome://plugins/ and press enter. The Plug-ins manager will now be opened. Locate the plugins you want to disable and click the ‘disable’ link in the the lower left corner.
- Safari: see directions here.
If you don’t normally use Java (and you would know if you did) and want to remove Java you will need to do so via your operating system. For MS Windows user that would be Control Panel then (Add/Remove) Programs and look through the list for any Java entries. You may one or several depending if you are running 32-bit or 64-bit or if you still have older versions installed. Remove them all.
Also, don’t confuse Java with JavaScript, they are two completely different things. JavaScript is a scripting language on a web page which tells the browser how to display a web page. Java is an environment used to run web apps (FTP clients, Chat clients, Virtual environment clients) from within your browser. Java is running/being processed on a server which your browser needs a plugin to “interact” with the server.
via Fox News
But Java got updated to U11. Surely that fixed the exploit?
Yep, looks like it just came out earlier today.