<p>The discovery of a zero-day vulnerability in Oracle's Java 7 has prompted calls for users to turn off Java in their browsers until a patch is issued, something feds and other government managers might want to think about, too.</p>
<p>The flaw is being exploited in active, though so far limited, attacks originating from a server in China, according to security researcher Atif Mushtaq at FireEye, who first reported the flaw on Aug. 26.</p>
<p>The attacks download the Poison Ivy RAT (for Remote Access Trojan), which takes commands from a remote server. The vulnerability exists only in Java 7 (1.7) Update 0 to 6, not earlier versions, and can be exploited in all versions of Internet Explorer, Firefox and Opera, according to researchers Andre DiMino and Mila Parkour at DeepEnd Research, who also have examined the Trojan. Meanwhile, Rapid7, which maintains the Metasploit bank of exploits for penetration testing and hacking, said it had developed an exploit that also works against Chrome.</p>
<p>The Metasploit exploit reportedly works against patched versions of Windows 7, as well as against IE and Firefox on Vista and XP, Chrome on XP and Firefox on Ubuntu Linux 10.04.</p>
<p><a href="http://gcn.com/articles/2012/08/27/java-flaw-poison-ivy-rat.aspx">Keep reading...</a></p>