Tuesday, January 15, 2013

US government recommends disabling Java in spite of Oracle patch

Oracle may have rushed out a patch to address another critical vulnerability in Java 7, but that isn't enough to appease U.S. security watchdogs, who continue to advise disabling the software on web browsers.

The United States Computer Emergency Readiness Team (US-CERT) issued a security advisory Monday alerting computer users to yet another vulnerability in Oracle's Java Runtime Environment (JRE) 7.

The vulnerability allows remote, unauthenticated attackers to execute arbitrary code on systems with JRE 7 installed, an issue severe enough for Apple to remotely disable Java on Macs running OS X 10.4 and earlier last week.

Oracle quickly issued Java 7 Update 11 over the weekend to patch this and other vulnerabilities, but the move may not be enough to appease critics.

Browser safety

With Monday's US-CERT security advisory, users and administrators are still encouraged to temporarily disable Java in their web browsers, despite the latest patch.

"Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11," CERT's Vulnerability Note VU#625617 recommends.

The note suggests disabling Java "will help mitigate other Java vulnerabilities that may be discovered in the future."

According to PCWorld, many security experts are calling for Oracle to rewrite Java from scratch to eliminate future problems, a move the company has been hesitant to make given the number of computers reliant on its legacy code.


