New Java 0-Day Vulnerability

A new Java 0-day vulnerability is being exploited in the wild. If you have Java installed in your web browser(s), you can either uninstall/disable the plugin to protect your computer or set your security settings to “High” and attempt to avoid executing malicious applets.

This newest vulnerability was discovered by the security firm FireEye Malware Intelligence Lab, who “detected a brand new Java zero-day vulnerability that was used to attack multiple customers. Specifically, we observed successful exploitation against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.”

This vulnerability affects the most recent patched version of Java, and is the second vulnerability to be actively exploited since the latest patch.

We advise that users who don’t specifically need Java should consider uninstalling it from their computers, or disable the Java plug-ins in Web browsers that are used to display Java content, at least until this latest vulnerability is patched. The process is simple. You can find instructions on how to disable Java in your Web browser here.

(Note: Java should not be confused with JavaScript, which is entirely unrelated and is essential to the proper functioning of far more websites than Java. It is safe to leave JavaScript enabled.)

