Make us your home page
Instagram

Today’s top headlines delivered to you daily.

(View our Privacy Policy)

Oracle says Java flaw filed, but Homeland Security still recommends disabling it

LOS ANGELES — Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.

"This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered," the DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. "To defend against this and future Java vulnerabilities, consider disabling Java in Web browsers until adequate updates are available."

The alert follows the department's warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock prices, graphical menus, weather updates and ads.

Vulnerability in the latest version, Java 7, was "being actively exploited," the department said.

Java 7 was released in 2011. Oracle said installing its "Update 11" will fix the problem.

Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called "Web exploit packs" to Internet abusers who can use it to steal credit card data and personal information, or cause other harm.

The packs, sold for upward of $1,500 apiece, make complex hacker codes available to relative amateurs. This particular flaw even enables hackers to compromise legitimate websites by taking over ad networks. The result: Users are redirected to malicious sites where damaging software can be loaded onto their computers.

Kaspersky Lab estimated that last year 50 percent of all website exploitations were due to vulnerabilities in Java. Adobe's Acrobat Reader accounted for 28 percent of vulnerabilities.

To unplug Java

In Firefox, select "Tools" from the main menu, then

"Add-ons," then click the "Disable" button next to any

Java plug-ins.

In Safari, click "Safari" in the main menu bar,

then "Preferences," then select the "Security" tab

and uncheck the button next to "Enable Java."

In Chrome, type or copy "Chrome://Plugins"

into your browser's address bar, then click

the "Disable" button below any Java plug-ins.

In Internet Explorer, follow these instructions for disabling Java in all browsers via the Control Panel: http://www.java.com/en/download/help/disable_browser.xml. There is no way to completely disable Java specifically in IE.bc-java

Slate.com

Oracle says Java flaw filed, but Homeland Security still recommends disabling it 01/14/13 [Last modified: Monday, January 14, 2013 10:33pm]
Photo reprints | Article reprints

    

Join the discussion: Click to view comments, add yours

Loading...
  1. Tiger Woods arrested on DUI charge in Florida

    Public Safety

    Tiger Woods has been arrested on a drunken driving charge in Palm Beach County, various media outlets are reporting.

    Tiger Woods has been arrested on a DUI charge in Florida.
  2. Young male hospitalized after shooting in St. Petersburg

    Crime

    ST. PETERSBURG — A juvenile male was injured Monday morning in a shooting in the 2300 block of 17th Ave S, police said.

    A juvenile was injured in a shooting Monday morning in the 2300 block of 17th Ave S in St. Petersburg. (Zachary Sampson, Tampa Bay Times)
  3. Big rents and changing tastes drive dives off St. Pete's 600 block

    Music & Concerts

    ST. PETERSBURG — Kendra Marolf was behind the lobby bar of the State Theatre, pouring vodka sodas for a weeknight crowd packed tight for Bishop Briggs, the latest alternative artist to sell out her club.

    Sam Picciano, 25, left, of Tampa and Molly Cord 24, Palm Harbor shop for record albums for a friend at Daddy Kool Records located on the 600 block of Central Avenue in St. Petersburg, Florida on Saturday, May 20, 2017. OCTAVIO JONES   |   Times
  4. How Hollywood is giving its biggest stars digital facelifts

    Business

    LOS ANGELES — Johnny Depp is 53 years old but he doesn't look a day over 26 in the new "Pirates of the Caribbean" movie — at least for a few moments. There was no plastic surgeon involved, heavy makeup or archival footage used to take the actor back to his boyish "Cry Baby" face, however. It's all …

    This combination of photos released by Disney, shows the character Jack Sparrow at two stages of his life in "Pirates of the Caribbean: Dead Men Tell No Tales."  Johnny Depp, who portrays the character, is the latest mega-star to get the drastic de-aging treatment on screen
[Disney via Associated Press]
  5. Putin visits France, hopes to mend strained ties with West

    World

    VERSAILLES, France — On a visit likely to shape Russia-France ties for years, French President Emmanuel Macron hosted Russian President Vladimir Putin at the sumptuous Palace of Versailles on Monday for what the newly-elected French leader said would be "demanding" talks on Syria, the Ukrainian crisis and other …

    Russian President Vladimir Putin, right, is welcomed by French President Emmanuel Macron at the Palace of Versailles, near Paris, France, Monday. Monday's meeting comes in the wake of the Group of Seven's summit over the weekend where relations with Russia were part of the agenda, making Macron the first Western leader to speak to Putin after the talks. [AP photo]