SAN FRANCISCO (CBS/AP) – Oracle Corp. said Monday it has released a fix for the flaw in its Java software that raised an alarm from the U.S. Department of Homeland Security last week. Even after the patch was issued, the federal agency continued to recommend that users disable Java in their Web browsers.
“This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,” DHS said Monday in an updated alert published on the website of its Computer Emergency Readiness Team. “To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available.”
The alert follows on the department’s warning late Thursday. Java allows programs to run within websites and powers some advertising networks. Users who disable Java may not be able to see portions of websites that display real-time data such as stock tickers, graphical menus, weather updates and ads.
Vulnerability in the latest version, Java 7, was “being actively exploited,” the department said.
Java 7 was released in 2011. Oracle said installing its “Update 11” will fix the problem.
Security experts said that special code to take advantage of the weakness is being sold on the black market through so-called “Web exploit packs” to Internet abusers who can use it to steal credit card data, personal information or cause other harm.