Late last week, the US government issued a security bulletin that recommended PC users disable Oracle’s Java on their systems, due to a recently discovered exploit that hackers have already been using to launch cyber attacks against Java-running PCs. This weekend, Oracle released a new security update for Java.
Even with this new update, some security experts still believe Java contains a number of flaws that hackers could find and exploit. Reuters reports that HD Moore, the chief security officer for Rapid7, claims that it could take up to two years for Oracle to fix all of the security issues that have been found in Java.
In its blog post about the new Java update, Oracle points out that users can go into the Java Control Panel and adjust the level of security applied when they run unsigned Java apps inside a web browser. The default setting has been changed from “Medium” to “High.” However, Moore thinks that at this point, the only PC users who need to run Java are those who have to use it for business. He added, “The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don’t really need Java on their desktop.”
Security firm Kaspersky claims that Java was involved in 50 percent of all PC cyber attacks in 2012. So far, Oracle has yet to comment on the US government’s warning against using Java on PCs.
Despite Java weekend update, security issues remain.