The U.S. Computer Emergency Readiness Team recommends disabling Java in browsers. The agency is “unaware of a practical solution to this problem,” US-CERT says. The problem can allow an untrusted Java applet to escalate its privileges without requiring code signing. Oracle Java 7 update 10 and earlier are affected, the agency says. Two spokeswomen for Oracle, the company that distributes Java, weren’t immediately available for comment. The vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits.”]
Source: https://www.csoonline.com/article/2132759/us-cert–disable-java-in-browsers-because-of-exploit.html