Posted by : Cyber Freak
Monday, 14 January 2013
Security experts and researchers have
discovered a new loophole in the popular Java software that could allow
attackers to infect your computer with malware. US-CERT has released
an alert saying that Java 7 Update 10 and earlier versions of the
software contain a zero-day vulnerability that allows attackers to
remotely run arbitrary code. The attack can be triggered when someone visits
a website set up with the malicious code.
An independent malware researcher,
Kafeine, spotted the exploit being used extensively "in the wild" in
attacks and reported it on his blog on Thursday. The researcher also shared
samples of the exploit with security companies. "This could be mayhem,"
he said. "I think it's better to make some noise about it."
Bogdan Botezatu, a senior e-threat
analyst at antivirus vendor Bitdefender, also confirmed the exploit.
"We reproduced the exploitation mechanism on Java 1.7 Update 9 and
Update 10. Other versions may be vulnerable as well, we're currently
analyzing whether other older updates are vulnerable," Botezatu is
quoted by ComputerWorld as saying.
The exploit has already been added to
the popular Blackhole exploit toolkit used by cybercriminals, as well as
to Cool Exploit Kit, a more exclusive spin-off of Blackhole, Botezatu
said.
Researchers at AlienVault Labs were able to reproduce
the exploit in a fully patched new installation of Java. “The Java file
is highly obfuscated but based on the quick analysis we did the exploit
is probably bypassing certain security checks tricking the permissions
of certain Java classes as we saw in CVE-2012-4681,” note the
researchers.