It comes as some security experts are warning that the new software -- Java 7 (Update 11), which was released on Sunday -- may not actually protect against hackers attempting to remotely execute code on user machines.
This code, security experts warn, could be used to acquire personal
information and steal identities, or subscribe machines to 'botnets,'
which can then be used to hit networks and Web sites with
denial-of-service attacks.
Homeland Security said in an updated note
that it is reiterating the advice it gave last week, in spite of Oracle
updating the Java software to include a security fix that would prevent
machines from being attacked by hackers.
The note said: "Unless it is absolutely necessary to run Java in Web browsers, disable it [...] even after updating to [Update 11]."
Homeland Security warned on Friday that
Internet users should disable the Web plug-in as soon as possible, to
prevent being attacked by hackers or malware. While it's not uncommon
for a government department to notify users of threats, advising users
to actively disable or uninstall software is rare.
Java is used in more than 850 million PCs and Macs,
along with billions of devices around the world, including cars,
Blu-ray players, and mobile devices. The U.S. government
stepped in, along with security experts and anti-malware companies, to
warn users because the zero-day vulnerability was being exploited in the wild by hackers and malware writers.
Experts and researchers have warned that fixing the zero-day exploit "could take two years." Rapid7 chief security officer HD Moore told the Reuters news agency that it could take this long for
Oracle to fix the flaws found in Java -- not including any further
exploits or vulnerabilities that are found in the meantime.
"The safest thing to do at this point is just assume that Java is
always going to be vulnerable. Folks don't really need Java on their
desktop," he said.
Update at 3:45 p.m. ET: Oracle told ZDNet in a
statement: "Oracle has released Security Alert CVE-2013-0422 to address
the flaw in Java software integrated with Web browsers. This is a blog that discusses when the bug was reported and actions that Java users need to take to secure their systems."