Oracle has rushed to address the recently uncovered Java 7 zero-day vulnerability. However, the US Department of Homeland Security (DHS) still strongly advises users against using Java.
Java still contains some serious unpatched vulnerabilities, and new security holes are discovered in it all the time. As a result, the best thing to do, according to the DHS and numerous experts, is to uninstall it altogether if it’s not needed.
“Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future,” reads the DHS’s advisory.
Bitdefender experts warn that the zero-day is currently being used to spread Reveton ransomware. Furthermore, Seculert researchers found that the major cybercriminal campaign known as Red October was also exploiting an older Java flaw.
On the other hand, if you do need Java for your everyday tasks, Trend Micro experts have released a useful advisory on how to reduce the risks without completely removing the software.