DHS’ CERT still advising computer users to disable Java on their Web browsers

With security experts disclosing that Oracle's Java software still contains security vulnerabilities, even after the company's Sunday release of a software update to patch the recently detected flaws in Java 7, the Department of Homeland Security (DHS)'s Computer Emergency Readiness Team (CERT) continues to advise computer users to disable Java in their Web browsers.

In an advisory issued last week, CERT recommended that users temporarily disable the cross-platform plugin on computers where it is installed. It is standing by that recommendation amid fears that an unpatched Java vulnerability remains despite the fix released by Oracle.

Although Oracle says in its post-fix advisory that it "strongly" recommends that users update their Java software to fix the reported flaw, the DHS said that security firm Immunity has reported that the Oracle patch did not stop the exploit. According to Immunity's report, the update released by Oracle addressed only one security flaw in Java, leaving another unaddressed.

Accordingly, in an updated advisory that included instructions for disabling the plugin, CERT said: "Unless it is absolutely necessary to run Java in Web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."