The latest stable version of Java leaves users exposed to a new attack, independent experts say.
According to them, the attack works even if the user has the maximum security settings enabled and the software is fully updated. Recall that two zero-day vulnerabilities were fixed in Java in the last month, but according to the experts Java still has security problems.
The experts are now reporting a vulnerability in Java 7 Update 10, released in December 2012. According to the Polish IT company Security Explorations, this version of the runtime environment, even at the maximum security settings, allows malicious Java applets that are hazardous to the computer to run. These are applets that have no digital certificate but that, from the runtime's point of view, look like legitimate applications.
Oracle has previously fixed a number of security problems associated with running unsigned Java applications, and in most of those cases the problem could be avoided by setting Java to a high security level. Now the problem is present regardless of the setting.
Security Explorations says that unsigned code in Java 7 can be installed on a target Windows-based system even with a high security level set in the Java Control Panel. Adam Gowdiak, an IT security specialist at Security Explorations, says that the execution of unsigned code is possible because of a single vulnerability in Java 7. According to him, the problem was first found in Java 7 Update 10, but it is also present in Update 11, which was released two weeks ago.
The Polish company said that it has not found real criminals exploiting this problem, but Oracle has already been notified about the vulnerability in Java.