The latest version of Java has a flaw which allows it to bypass security restrictions and execute code. This allows a hacker to setup a malicious website that can take advantage of this flaw and lure his/her victims to that same website, in an attempt to infect their computers with malwares.
Java is a programming language used by a lot of websites (JRE) to interact with their visitors. A lot of the applications that you use and games that you play, in your browser, are possible because of Java (JRE). The versions of Java affected by this exploit are Java Runtime Environment (JRE) 1.7 and Java Development Kit (JDK) 6. It is possible that other versions may also be affected. Currently, the exploit only affects computers running Microsoft Windows.
Before Oracle releases a patch, you are required to disable Java in your browser. Click here for instructions for disabling Java in your web browser.
How hackers are able take advantage of this exploit?
Hackers can create and send out fake e-mails impersonating legitimate organizations. These e-mails are used in an attempt trick their victims into clicking on a link in the e-mail message that goes to a malicious website setup by the hackers.
They can also post links to this malicious website on Facebook, Twitter and other social networking websites.
Once the victim goes to the malicious website, the Java applet on that page executes, downloading and running a malicious program on the victim's computer. This malicious program can be a virus, Trojan horse or some other malware.
For more information about this Java exploit, please click here.