U.S. still urges caution using Java despite update to fix flaw
Jan 14, 2013 (Los Angeles Times - McClatchy-Tribune Information Services via COMTEX) --
The U.S. Department of Homeland Security is continuing to advise users to disable Java on their Web browsers, despite Oracle issuing an update that the company said would fix the software's vulnerability to hackers.
Oracle, which owns Java, issued an update Sunday that supposedly fixed a security flaw found in the software. The update came after Homeland Security warned users last week of a vulnerability within the software that could be exploited by hackers to install malware on users' computers.
Oracle "strongly" recommended that all users update in order to get the fix.
But Homeland Security said it may not be enough.
"Unless it is absolutely necessary to run Java in Web browsers, disable it," Homeland Security's computer emergency readiness team said in a note updated Monday.
Citing security company Immunity Inc., Homeland Security says the Java update only fixed one of the software's vulnerabilities; another security flaw remains.
"The patch did stop the exploit, fixing one of its components," Immunity says in a blog post cited by Homeland Security. "But an attacker with enough knowledge of the Java code base and the help of another zero day bug to replace the one fixed can easily continue compromising users."
For help disabling Java from your browsers, here's a guide put together by SlashGear.
Oracle could not be reached for comment.
___ (c)2013 the Los Angeles Times Visit the Los Angeles Times at
www.latimes.com Distributed by MCT Information Services
[ Back To Technology News's Homepage ]