Make us your home page
Instagram

Today’s top headlines delivered to you daily.

(View our Privacy Policy)

Oracle says Java flaw filed, but Homeland Security still recommends disabling it

LOS ANGELES — Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. "To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available."

The alert follows the department's warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock prices, graphical menus, weather updates and ads.

Vulnerability in the latest version, Java 7, was "being actively exploited," the department said.

Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem.

Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called "Web exploit packs" to Internet abusers who can use it to steal credit card data and personal information, or cause other harm.

The packs, sold for upward of $1,500 apiece, make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: Users are redirected to malicious sites where damaging software can be loaded onto their computers.

Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for 28 percent of vulnerabilities.

To unplug Java

In Firefox, select "Tools" from the main menu, then

"Add-ons," then click the "Disable" button next to any

Java plug-ins.

In Safari, click "Safari" in the main menu bar,

then "Preferences," then select the "Security" tab

and uncheck the button next to "Enable Java."

In Chrome, type or copy "Chrome://Plugins"

into your browser's address bar, then click

the "Disable" button below any Java plug-ins.

In Internet Explorer, follow these instructions for disabling Java in all browsers via the Control Panel: http://www.java.com/en/download/help/disable_browser.xml. There is no way to completely disable Java specifically in IE.bc-java

Slate.com

Oracle says Java flaw filed, but Homeland Security still recommends disabling it 01/14/13 [Last modified: Monday, January 14, 2013 10:33pm]
Photo reprints | Article reprints

    

Join the discussion: Click to view comments, add yours

Loading...
  1. Salvador Dali's body will soon be exhumed in paternity suit

    World

    FIGUERES, Spain — Salvador Dali's eccentric artistic and personal history took yet another bizarre turn Thursday with the exhumation of his embalmed remains in order to find genetic samples that could settle whether one of the founding figures of surrealism fathered a girl decades ago.

    Pilar Abel, poses for a photograph after a news conference in Madrid, where she claimed to be the daughter of eccentric artist Salvador Dali.  After two decades of court battles, a Madrid judge granted Abel a DNA test to find out whether her allegations are true, and the exhumation is scheduled to begin Thursday night. [Associated Press]
  2. Spring Hill couple arrested on drug charges after months-long investigation

    Crime

    SPRING HILL — A Spring Hill couple was arrested Wednesday on several drug charges after a months-long investigation by the Hernando County Sheriff's Office.

    Hernando County Sheriff's Office detectives stand behind 24 pounds of marijuana seized by the agency during a drug bust this week. [Photo by Megan Reeves]
  3. New Pinellas Trail stretch draws raves at opening

    Human Interest

    EAST LAKE — Mike Siebel bikes the Pinellas Trail four days a week and loops up and down the Suncoast Trail at least a couple times every year. A 68-year-old cycling diehard, he was so eager for the opening of the 5-mile segment extending the Pinellas Trail to the Pasco border that he would often drive across …

    Cyclists wait for the official opening of the Pinellas Trail's newest segment. JIM DAMASKE   |   Times
  4. Authorities recover body of missing boater in Lake Thonotosassa

    Accidents

    THONOTOSASSA — Authorities on Thursday recovered the body of a 44-year-old Plantation man who went missing while boating on Lake Thonotosassa.

  5. Chester Bennington, Linkin Park singer, dies by suicide at 41: Report

    Blogs

    Chester Bennington, the flame-throated singer of enormosly popular metal band Linkin Park, has reportedly committed suicide at age 41.

    Chester Bennington and Linkin Park last performed in Tampa at Steinbrenner Field in 2014.