Oracle's Latest Java Fix Is Still Broken, Better Learn To Live Without

Remember that big zero-day Java vulnerability the Department of Homeland Security was all worried about? Well, Oracle fixed it. Oh wait, no. That latest Java fix still has a big ol' hole. It's time to abandon ship, folks.

Turns out that Oracle's original out-of-band update to Java only fixed one of the two nasty problems, and one vulnerability is still too many. The new update has given birth to two flaws that — when combined with the vulnerability Oracle missed — form another working exploit, leaving Java just as dangerous as it was before.

Java could still be fixed, but with problems popping out of the woodwork at this kind of speed, you'll be hard-pressed to keep track of how vulnerable Java is at any given moment. It's super easy to shut it off in your browser and stay safe that way, so you probably ought to just do that. You probably won't even miss it. [threatpost]

Picture: Levent Konuk/Shutterstock


Comments

    Yes, well if the only use of Java was in browsers, that'd be a great solution, Eric.

    However, many apps (NAS interfaces, Minecraft, etc.) are built on Java. So if we follow your advice to "shut it off" many of us would "miss it" quite a lot...

    Last edited 19/01/13 7:42 pm
