The emergency update to Java software issued by creators Oracle Corp on Sunday is insufficient to protect against identity theft and cybercrimes, according to security experts.
HumanIPO reported on Friday that a vulnerability in the widely used Java software had the potential to allow hackers to access to your computer, with the platform used and installed on more than one billion user computers and three billion mobile phones worldwide. Users were advised by the US Department of Homeland Security to uninstall the software.
Oracle on Sunday released an update which it said fixed two bugs in the Java 7 software which may have made computers vulnerable to hacking, while it also switched Java’s security settings to “high” automatically.
However, experts now claim that not only are the updates insufficient to protect against hackers, but that users should refrain from reinstating the software to personal computers.
“We don’t dare to tell users that it’s safe to enable Java again,” Adam Gowdiak of Polish firm Security Explorers who has personally assisted in the identification of numerous Java flaws, reports Reuters. Gowdiak added that the current update fails to respond to numerous security threats.
“The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don’t really need Java on their desktop,” reiterated HD Moore, chief security officer at business security experts Rapid7. He said that the repairing of all errors in the Java software may take up to two years.
The Java computer language allows programmers to create software for various operating systems, including Microsoft Windows, Apple’s OS X and Linux.
There are various versions of Java, one of which is used by web browsers to access Internet-based content, the version experiencing security difficulties. Other versions are installed directly onto devices including computers, phones and cameras.
According to Kaspersky Labs, 50 percent of cybercrimes committed through the exploitation of web browser bugs in 2012 took place through the Java platform.