Feds warn PC users to disable Java due to security flaw

The Department of Homeland Security is urging computer users to disable or uninstall the Java programming language because of a serious security vulnerability.

The flaw in Java 7 "can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system," according to a warning posted Thursday by the U.S. Computer Emergency Response Team (CERT).

Hundreds of millions of consumers and businesses may be affected.

Hackers could exploit the flaw to install malicious software or malware that could make users vulnerable to identity theft or allow their computers to be exploited by "botnets" that could crash networks or be used to attack web sites.

"Note that applications that use the Internet Explorer web content rendering components, such as Microsoft Office or Windows Desktop Search, may also be used as an attack vector for this vulnerability," the warning adds.

DHS said it is "currently unaware of a practical solution to this problem."

Java was developed by Sun Microsystems, which Oracle bought in 2010. There's no indication when a security patch might be available, and Oracle had no comment Friday night, Reuters said.

Java allows programmers to write software using a single set of code that will run on almost any computer.

MacRumors reports that Apple has already disabled the Java 7 plug-in installed on Macs.

ZDNet first reported the so-called zero-day vulnerability. In a follow-up, it showed how the flaw could be exploited.