Security experts have flagged a zero-day exploit in Oracle's Java software, urging users to disable it to prevent hackers remotely controlling their computers.
"Java is a mess. It's not secure," said James Blasco, labs manager for internet security researchers AlienVault Labs. "You have to disable it," he added.
The Homeland Security-sponsored US-CERT group confirmed that Java contains a vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code that bypasses Java's security checks and, as a result, its permission restrictions.
Internet users are at risk of attack if they visit a website that has been tailored to take advantage of the security vulnerability within Java.
Computers running Windows, Mac OS X and Linux are all potentially at risk from hackers, because the exploit targets Java, which runs as a plug-in for web browsers including Internet Explorer and Mozilla Firefox.
Java is installed on millions of computers across the world, as the programming language enables developers to write one set of code that can be used across different systems and browsers. At the time of writing, Oracle had not provided a fix for the security flaw.
It's not the first time Java's security has been exploited. Last August, it took Oracle a week to release a fix for a zero-day exploit that presented a risk to all web browsers equipped with the software.
Vulnerabilities in Java software were being sold online last year, as revealed by security specialist Brian Krebs.
"Code execution is very reliable, worked on all seven versions I tested with Firefox and Internet Explorer on Windows 7. I will only sell this ONE TIME and I leave no guarantee that it will not be patched so use it quickly," read an online sales thread discovered by Krebs.