REDWOOD SHORES, Calif. (UPI) — Oracle Corp. has released an emergency update to its Java Web browsing software, but U.S. security experts said it still leaves PCs vulnerable to hackers.
The vulnerability, discovered last week, had prompted the U.S. Department of Homeland Security to advise computer users to disable the Java functionality in their Web browsers.
Security experts were urging consumers to download the patch released Sunday, even though some argued the fixes may not keep all forms of Java safe from cyberattacks and malware, The Washington Post reported Monday.
“Note that the vulnerabilities Oracle just patched don’t apply to standalone Java applications or server-side Java installs,” Sophos security researcher Paul Ducklin wrote in a blog post. “They apply only to applets, which run inside your browser.”
Ducklin still recommends computers users disable Java completely if their Web browsing activities don’t require it, or run one browser with Java enables when such functionality is needed and another one without for majority of their Web surfing.
Even with the release of the patch, the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is “absolutely necessary.”