“We are currently unaware of a practical solution to this problem,” said a notice released this week by CERT, a group at Carnegie Mellon University in Pittsburgh, which often provides technical services to US-CERT.
The recommendation highlights the rising threat level in the realm of cybersecurity, and the growing efforts to make devices and networks more secure. The vulnerability in Java is just one piece of that puzzle, but it’s significant because the software is so widely used in Web browsing.
If you want to follow US-CERT’s advice and disable Java, how do you do that?
First, if you use a Mac computer from Apple, the answer appears to be simple. According to reports by technology websites including MacRumors.com, Apple has already moved to force a disabling of Java on Macs with the OS X operating system.
For other computer users, a first step may be to check what version of Java you're running. The US-CERT announcements focus on Java 7. Computer-security blogger Brian Krebs notes some uncertainty about whether other versions going back to Java 4 are affected. But he points to evidence suggesting the problem is limited to version 7.
Oracle, the owner of Java, said on Twitter that the problem is limited to "JDK7," or version 7, and that it hopes to have a fix available "shortly." (JDK stands for Java Development Kit.)