Java Still Not Safe, Security Experts Say
Oracle needs to fix holes faster, say some security experts. Leave Java disabled for now, because Oracle's emergency patch is insufficient.
Is Java 7 currently safe to use?
Last week, Oracle released emergency updates to fix zero-day vulnerabilities in Java 7 and Java 6. But in the case of the Java 7 fix, the new version allows an existing flaw — spotted by security researchers and disclosed to Oracle earlier this year —-to be exploited to bypass the Java sandbox. In other words, while fixing some flaws, Oracle opened the door to another one.
In light of that situation, multiple security experts said that businesses should continue to temporarily disable all Java use, whenever possible. "There are still not-yet-addressed, serious security issues that affect the most recent version of Java 7," said Adam Gowdiak, CEO and founder of Poland-based Security Explorations, which initially disclosed the exploited vulnerabilities to Oracle in April. "In that context, disabling Java until proper patches are available seems to be an adequate solution," he said via email.... Read full story on InformationWeek
Post a comment to the original version of this story on InformationWeek