Oracle may have patched a critical flaw in Java over the weekend, but security experts do not believe that Oracle has done enough to alleviate all concerns.
In a rather unusual note, the organization wrote:
"Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."
Even in cases where users and network administrators are unable to block Java, the US-CERT said that access to Java applets should be restricted, for example, via proxy server rules and whitelisting files.
Oracle may be playing, to a certain degree, with its credibility and the trust users can put into Java. Reuters quoted security researcher Adam Gowdiak stating that there are still unpatched flaws in java, including one that was reported back in September of last year.
"We don't dare to tell users that it's safe to enable Java again," Gowdiak told Reuters.
According to Kaspersky Labs, half of all cyber attacks in 2012 exploited security holes in Java.