Oracle released an emergency software update to fix vulnerabilities in its Java software, days after security experts and the Department of Homeland Security recommended that users disable the software due to hacking concerns. Some experts say, however, that the patch doesn’t fix the problem and that bugs remain.
The update, available on Oracle’s Web site, fixes two vulnerabilities in Oracle’s version of Java 7 for Web browsers that have enabled hackers to install malicious software on PCs. Oracle said in its security blog that in order for the holes to be exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website, allowing the attacker to execute arbitrary code on the computer. Oracle also said that it switched Java’s security settings to “high” by default, making it more difficult for suspicious programs to run on a PC.
The Department of Homeland Security and computer security experts said Thursday that hackers had figured out how to exploit the bug and urged users to disable Java on all computers. The bugs within the software have enabled hackers to commit crimes such as identity theft.
Adam Gowdiak, a researcher with Poland’s Security Explorations who has discovered several bugs in the software over the past year, said that the update from Oracle leaves several critical security flaws unfixed, and he urges users to disable Java.
Java, a widely used computer language, enables programmers to write software using one set of code that will run on any type of computer, from Apple’s OS X to Microsoft’s Windows. The wide use of the software has also made it a prime target for hackers. According to the recently published Kaspersky Security Bulletin 2012, Oracle Java was the software most frequently exploited by cybercriminals during the year, with Adobe Reader and Adobe Flash Player ranking second and third, respectively.
If you want to avoid the risks of using Java, you can disable it altogether.
To disable Java on Chrome:
1) Type about:plugins into your address bar.
2) Find your Java plugin in the list and click “Disable.”
To disable Java in Internet Explorer:
1) Go to the Tools menu, Internet Options, Security and click the Custom Level button.
2) Scroll down in the Security Settings box until you see “Scripting of Java Applets” and click “Disable” or “Prompt.”