Oracle released an emergency software update to fix vulnerabilities in its Java software, days after security experts and the Department of Homeland Security recommended that users disable the software due to hacking concerns. Some experts say, however, that the patch doesn’t fix the problem and that bugs remain.
The update, available on Oracle’s Web site, fixes two vulnerabilities in Oracle’s version of Java 7 for Web browsers that have enabled hackers to install malicious software on PCs. Oracle said in its security blog that in order for the holes to be exploited, an attacker needs to trick an unsuspecting user into browsing a malicious website, which allows the attacker to execute arbitrary code on the user’s computer. Oracle also said that it switched Java’s security settings to “high” by default, making it more difficult for suspicious programs to run on a PC.