U.S. still urges caution using Java despite update to fix flaw
The U.S. Department of Homeland Security is continuing to advise users to disable Java on their Web browsers, despite Oracle issuing an update that the company said would fix the software’s vulnerability to hackers.
Oracle, which owns Java, issued an update Sunday that supposedly fixed a security flaw found in the software. The update came after Homeland Security warned users last week of a vulnerability within the software that could be exploited by hackers to install malware on users’ computers.
Oracle “strongly” recommended that all users update in order to get the fix.
But Homeland Security said it may not be enough.
“Unless it is absolutely necessary to run Java in Web browsers, disable it,” Homeland Security’s computer emergency readiness team said in a note updated Monday.
Citing security company Immunity Inc., Homeland Security says the Java update only fixed one of the software’s vulnerabilities; another security flaw remains.
“The patch did stop the exploit, fixing one of its components,” Immunity says in a blog post cited by Homeland Security. “But an attacker with enough knowledge of the Java code base and the help of another zero day bug to replace the one fixed can easily continue compromising users.”
For help disabling Java in your browsers, here’s a guide put together by SlashGear.
Oracle could not be reached for comment.