Days after the said computer users should remove the latest versions of its Java software, Oracle Corp. says it has fixed the flaw, in a new update released Monday. , hacking groups included the Java 7 vulnerability in new "exploit kits" this year.
Oracle provides instructions for on its website, saying the update raises the default security level for Java applets from Medium to High — which means that "the user is always warned before any unsigned application is run to prevent silent exploitation," the company .
But the experts who highlighted the Java 7 flaw say that even though it's fixed, users should beware, as other security problems could arise in the software.
"Unless it is absolutely necessary to run Java in web browsers, disable it... even after updating," recommends Carnegie Mellon University's .
°µºÚ±¬ÁÏ of the Java 7 flaw, which can allow hackers to take over a computer, worried many of the millions of people whose computers use the software. It also set off confusion, and calls for Oracle to "rewrite Java from scratch," .
Even as the to combat the flaw, the agency also said Monday that "new Java vulnerabilities are likely to be discovered" — and people should still consider disabling Java in their browsers. Some experts say you should simply remove it entirely — or perhaps keep Java on only one browser, for use on specific sites.
Here's a quick reference of options, from disabling to uninstalling, and other factors:
Disable Java In Browsers
Uninstall Java Completely
Many people say they can disable or delete Java completely, and not miss it. One of them is security expert Brian Krebs, who Monday — but still recommended uninstalling Java.
Oracle has instructions for doing that on computers that run . On a separate page, it addresses uninstalling Java on a Mac — specifically, .
if you're unsure of whether your computer is running Java, Oracle has a page specifically meant to Another website, , can help you figure out which versions of Java you have.
What About Older Versions Of Java?
Oracle says you should uninstall older versions of Java, as keeping old versions "presents a serious security risk." Because of the way updates were once handled, you might have several out-of-date versions of Java on your machine.
Oracle has a webpage with .
That might present a problem to some folks, especially if they sometimes use business software that requires an older version. This situation most often leads people to keep one browser specifically for Java.
Java vs. Javascript: The Java 7 security flaw does not affect JavaScript. While they're both programming languages, they're not as closely related as their names imply.
Java, developed by Sun Microsystems, is far more complex and independent — and thus poses more risk if hackers find a way to misuse it. By contrast, JavaScript, developed by Netscape, is used mostly within HTML to make web pages more interactive.
Copyright 2020 NPR. To see more, visit https://www.npr.org. 9(MDAxNDQ2NDAxMDEyNzU2NzM2ODA3ZGI1ZA001))
