Axe Java Despite Update, Homeland Security Warns

Created: 2013-01-19 16:30 EST



On January 10, the US Department of Homeland Security released a warning about a vulnerability in Oracle's Java Runtime Environment, or JRE.


The Computer Emergency Readiness Team, or CERT, recommended that users temporarily disable Java in web browsers because of an exploit being used in the wild that affects Windows, OS X and Linux platforms. Java is designed as a cross-platform environment that is easy to develop for, and is used by millions of computers worldwide.


The vulnerability affected all versions of JRE 7 up to Update 10, which had been the latest release.


Apple had even begun to disable newer versions of Java on personal computers pending an update.


Then, earlier this week, Oracle released an update for Java. Java 7 Update 11 addressed two vulnerabilities, and Oracle also noted that the default security level in Update 11 was increased to High.


However, despite the Java security flaw being repaired, CERT still recommends disabling it.


CERT updated its Vulnerability Note. It now reads "unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."


In JRE 7 Update 10 and 11, if you wish to disable Java, you can open up the Java Control Panel and disable it under the Security tab.