Security experts are expressing doubt over Oracle Corp.’s ability to keep users of its software safe from attacks as the company struggles to produce one patch after another for its highly popular but very vulnerable Java software.
Early last month, the United States Department of Homeland Security urged computer administrators and users to disable Java plug-ins in their browsers due to a major vulnerability in the software. Shortly after, Oracle issued an emergency security update to Java 7, but the move failed to patch two new vulnerabilities that would allow attackers to execute arbitrary code on computers using the software.
Oracle no longer a bastion of security
However, for the past three years the software has been poorly maintained and has had at least 90 security vulnerabilities of medium to high severity, according to a federal database that tracks IT security issues.
Failing to correct Java flaws can pose serious consequences for many users even if the software is only occasionally needed for browsing Web sites, according to a report from SiliconValley.com.
The federal database listing software vulnerabilities also cited flaws in software from Cisco, Hewlett-Packard, Apple, Google, Adobe Systems and Mozilla.