Thursday, January 17, 2013

In spite of Oracle patch, government still recommends disabling Java

In spite of Oracle patch, government still recommends disabling Java

In spite of Oracle patch, government still recommends disabling Java

Oracle may have rushed out a patch to address another critical vulnerability in Java 7, but that apparently isn't enough to appease U.S. security watchdogs, who continue to advise disabling the software on web browsers.

The United States Computer Emergency Readiness Team (US-CERT) issued a security advisory Monday alerting computer users to yet another vulnerability in Oracle's Java Runtime Environment (JRE) 7.

The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on systems with JRE 7 inst alled, an issue severe enough for Apple to remotely disable Java on Macs running OS X 10.4 and earlier last week.

Oracle quickly issued Java 7 Update 11 over the weekend to patch this and other vulnerabilities, but the move may not be enough to appease government overseers.

Browser safety

With Monday's US-CERT security advisory, users and administrators are still encouraged to temporarily disable Java in their web browsers, despite the latest patch.

"Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11," CERT's Vulnerability Note VU#625617 recommended.

The note suggested disabling Java "will help mitigate other Java vulnerabilities that may be discovered in the future."

According to PCWorld, many security experts are calling for Oracle to rewrite Java from scratch to eliminate future problems, a move the company has been hesitant to make given the number of computers reliant on its legacy code.



No comments:

Post a Comment

//PART 2