Security experts are expressing doubt over Oracle Corp.’s ability to keep users of its software safe from attacks as the company struggles to produce one patch after the other for its highly popular but very vulnerable Java software.
Early last month, the United States Department of Homeland Security urged computer administrators and users to disable Java plug-ins in the browsers due to a major vulnerability in the software. Shortly after, Oracle issued an emergency security update to Java 7 but the move failed to patch two new vulnerabilities which would allow attackers to execute arbitrary code on computers using the software.
Failing to correct Java flaws can pose serious consequences for many users even if the software is only occasionally needed for browsing Web sites, according to a report from SiliconValley.com.
The federal database listing software vulnerabilities also cited flaws in software from Cisco, Hewlett-Packard, Apple, Google, Adobe Systems and Mozilla.
Read the whole story here