Skip to main content

US-CERT Still Warns of Critical Java Flaw

The United States Computer Emergency Readiness Team (US-CERT) acknowledged the availability of the patch, but recommends not to enable Java support anyway.

In a rather unusual note, the organization wrote:

"Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."

Even in cases where users and network administrators are unable to block Java, the US-CERT said that access to Java applets should be restricted, for example, via proxy server rules and whitelisting files.

Oracle may be playing, to a certain degree, with its credibility and the trust users can put into Java. Reuters quoted security researcher Adam Gowdiak stating that there are still unpatched flaws in java, including one that was reported back in September of last year.

"We don't dare to tell users that it's safe to enable Java again," Gowdiak told Reuters.

According to Kaspersky Labs, half of all cyber attacks in 2012 exploited security holes in Java.

Contact Us for News Tips, Corrections and Feedback