Oracle releases emergency Java fix after US gov't warning about security flaws

Oracle Corp. issued a patch for a flaw in its Java software that caught the attention of the U.S. Department of Homeland Security -- but security experts warn that computer users aren't out of the woods yet.

Late on Thursday, the DHS had advised people to temporarily disable the Java software on their computers to avoid potential hacking attacks. Computer security experts believed that hackers had found a flaw in Java's code that creates an opening for criminal activity and other high-tech mischief.


The patch, accessible from the company's site or through the Java control panel, fixes this security flaw, Oracle said.

"This release addresses security concerns. Oracle strongly recommends that all Java SE 7 users upgrade to this release," reads a note attached to the update.

But Adam Gowdiak, a researcher with Poland's Security Explorations who has discovered several bugs in the software over the past year, told Reuters that the update leaves unfixed several other, notable security issues.

"We don't dare to tell users that it's safe to enable Java again," Gowdiak told Reuters. Some security consultants are advising businesses to remove Java from the browsers of all employees except for those who absolutely need to use the technology, the site reported.

In a statement Saturday, Oracle said it was "aware of a flaw in Java software integrated with web browsers."

The glitch is only in the JDK7 version of the software, and it "does not affect Java applications directly installed and running on servers, desktops, laptops and other devices," the company said.

Java is a widely used programming language that lets programmers write a broad range of Internet applications and other software that can run on just about any computer's operating system. Oracle bought Java's creator, Sun Microsystems, in 2010.

Newswires contributed to this report.