Patch for Java Web flaw released

Jan. 14, 2013 at 2:44 PM

REDWOOD SHORES, Calif., Jan. 14 (UPI) -- Oracle Corp. has released an emergency update to its Java Web browsing software, but U.S. security experts said it still leaves PCs vulnerable to hackers.

The vulnerability, discovered last week, had prompted the U.S. Department of Homeland Security to advise computer users to disable the Java functionality in their Web browsers.

Security experts were urging consumers to download the patch released Sunday, even though some argued the fixes may not keep all forms of Java safe from cyberattacks and malware, The Washington Post reported Monday.

"Note that the vulnerabilities Oracle just patched don't apply to standalone Java applications or server-side Java installs," Sophos security researcher Paul Ducklin wrote in a blog post. "They apply only to applets, which run inside your browser."

Ducklin still recommends computers users disable Java completely if their Web browsing activities don't require it, or run one browser with Java enables when such functionality is needed and another one without for majority of their Web surfing.

Even with the release of the patch, the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is "absolutely necessary."

Related UPI Stories
Topics: surfing
Latest Headlines
Trending News
Seattle sea otter learns how to use an inhaler
Catholic conservatives wary of Pope's climate change message
Apple signals delivery of electric car by 2019, report says
Self-impregnated snake in Missouri has another 'virgin birth'
Ancient Roman village found in Germany