Software vulnerabilities are common, but it’s not every day that the Computer Readiness Team (CERT) at the U.S. Department of Homeland Security steps in and starts warning the public. Not surprisingly, Oracle jumped on the security hole and released an update (Java Update 7u11) that resolves the problem. If you’re running Java (even the Java plug-in in your browser), update now.

That said, not everyone is convinced that Java users are completely in the clear after updating to the latest version. Experts agree that the updated version of Java now blocks the zero-day exploit (in part by making you click a button to run Java technology present on most websites). But some research programs, including Poland’s Security Explorations, suggest that there may be other Java vulnerabilities that haven’t been addressed. You can disable Java, but it’s hard to avoid Java on the Web, so if you plan to continue using it, grab the update.