Oracle releases Java security fix - concerns remain

Oracle released Java 7 update 11 (Java 7u11) on Sunday following a warning from the U.S. Computer Emergency Readiness Team (US-CERT) advising users to disable the software due to a serious and previously unknown security vulnerability. Even with the available fix, CERT, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is “absolutely necessary.”

The so-called Zero Day flaw was actively being used to secretly install malware on systems of unsuspecting victims and the exploit affected Windows, Mac, and Linux users, according to CERT's security bulletin. The vulnerability affects versions of Java 7, and does not apply to Java 6.