US-CERT Web site on Jan. 14 announced the "Vulnerability Note VU # 625 617 warning users that Java 7 Update 10 and earlier versions contain a loophole, third parties may use it for unauthorized access.
The hacker can own code into the victim's computer, and then completely control the computer. "Hackers are an attack on this vulnerability, and it is added to the toolkit exploits. Exploited this vulnerability code is open and we have confirmed that Windows, OS X and Linux platforms are affected. Use on other platforms Oracle Java 7 is also likely to be affected, the alarm on the US-CERT website said: "By enticing a user visits a specially crafted HTML document, a remote attacker later may be vulnerable computer to execute arbitrary code."
The site is a clear warning to the user to immediately disable all Java plug-in Web browser, should also be done even if Oracle released 7u11 update. "Unless it is a matter of great urgency, it must be run in a Web browser Java, or disable it, even in the upgrade to Java 7 update 11."
Software security experts said Oracle may need to spend two years time, in order to find a bug in the Java security management tools. Some security blog also agree with the view of the US-CERT team, that is not enough to just install the Oracle patch.