Oracle updates Java to fix security exploits already in the wild, but safety is not guaranteed


Although it seems like stories about security holes in browser add-ons are a dime a dozen, the last one was big enough for the US Department of Homeland Security to issue an alert. Oracle's Java is the culprit this time, with a security hole that could allow any malicious website to install software without the user's knowledge. The issue was apparently being actively exploited, so yesterday the Computer Emergency Readiness Team (US-CERT) told users that it recommends disabling Java.

Today, Oracle issued an emergency patch that it claims resolves the issue. It also changed the default security setting for Java to "High," which finally means that most users will need to approve Java applets before they run. Oracle recommends that the patch be applied ASAP, since "some exploits are available in various hacking tools," which means that it doesn't take a master-hacker to create something that could potentially be harmful to your computer.


The security researcher who originally discovered the issue, Adam Gowdiak, told Reuters that he didn't believe this latest patch is enough for users to let down their guard: "We don't dare to tell users that it's safe to enable Java again." Until and unless the situation becomes clearer, the best solution is to simply disable Java altogether and only enable it on a case-by-case basis when it's needed. Oracle itself just so happened to mention that it's now easier to disable Java in the latest version.

The Verge