Last week, Oracle released Java updates that patched 42 vulnerabilities, which could have been exploited remotely without a username and password. But a security researcher has now found a new, unpatched vulnerability that is present in all Java SE 7 versions.
A Polish researcher, Gowdiak, found the vulnerability and has posted details on his website along with a proof of concept. Gowdiak explained the vulnerability, saying:
"The new flaw was verified to affect all versions of Java SE 7 (including the recently released 1.7.0_21-b11). It can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a web browser scenario requires proper user interaction (a user needs to accept the risk of executing a potentially malicious Java application when a security warning window is displayed). What's interesting is that the new issue is present not only in JRE Plugin / JDK software, but also in the recently announced Server JRE."
This raises a real security concern, because attackers can exploit the vulnerability for malicious purposes. Oracle has been criticized in the past for not taking patching seriously; the delays were long enough that Apple had to release its own Java patch to fix an earlier vulnerability. The widespread use of Java in applications makes it a priority target for attackers.
If you don't need Java, remove it. Why put yourself at risk? Most users don't need Java in their browser, and most websites do not use it, so they will continue to work fine without it.
To disable Java, click on the link for the browser you are using: