U.S. still urges caution using Java despite update to fix flaw

The U.S. Department of Homeland Security is continuing to advise users to disable Java on their Web browsers, despite Oracle issuing an update that the company said would fix the software’s vulnerability to hackers.

Oracle, which owns Java, issued an update Sunday that supposedly fixed a security flaw found in the software. The update came after Homeland Security warned users last week of a vulnerability within the software that could be exploited by hackers to install malware on users’ computers.

Oracle “strongly” recommended that all users update in order to get the fix.

But Homeland Security said it may not be enough.

PHOTOS: Tech we want to see in 2013

“Unless it is absolutely necessary to run Java in Web browsers, disable it,” Homeland Security’s computer emergency readiness team said in a note updated Monday.

Citing security company Immunity Inc., Homeland Security says the Java update only fixed one of the software’s vulnerabilities; another security flaw remains.

“The patch did stop the exploit, fixing one of its components,” Immunity says in a blog post cited by Homeland Security. “But an attacker with enough knowledge of the Java code base and the help of another zero day bug to replace the one fixed can easily continue compromising users.”

For help disabling Java from your browsers, here’s a guide put together by SlashGear.

Oracle could not be reached for comment.

ALSO:

Samsung sells 100 million Galaxy S smartphones

Feds drop charges against late Internet activist Aaron Swartz

Oracle issues update to Java to fix major malware vulnerability