Patched or Not, Homeland Security Says You’re Still Better Off Without Java
Just because Oracle patched the latest vulnerability in its Java software for Web browsers doesn’t mean it’s wise to continue using it.
That’s the gist of the U.S. Department of Homeland Security’s latest vulnerability advisory on Java, which has been in the headlines for the past week because of yet another critical vulnerability that could be exploited to install and execute malicious code on unguarded systems.
“Unless it is absolutely necessary to run Java in Web browsers, disable it,” Department of Homeland Security’s Computer Emergency Readiness Team (CERT) advised. “This will help mitigate other Java vulnerabilities that may be discovered in the future.”
CERT’s recommendation, while blunt, echoes that of security researchers who have long said the best solution for the perennially vulnerable Java is to dump it entirely. As Twitter engineer and security expert Charlie Miller told Reuters, “It’s not like Java got insecure all of a sudden. It’s been insecure for years.”