Oracle released an emergency patch to address the flaw discovered and widely exploited in Java last week. Over the years Sun Microsystems, as well as Oracle, the current distributor of Java, has received bad press (and likely rightly so) for security flaws discovered and exploited in the Java runtime. Part of the criticism concerns how long it takes them to release patches after these flaws are discovered.
The Java runtime is free to end users, and is necessary for some apps and some websites’ applets to run. Last week another major flaw was discovered, and it was very quickly incorporated into the “hacker resource kits” that hackers use to commit their crimes. These hacker resource kits quickly became widely available on underground and pirate hacker websites, allowing criminals to ramp up their misdeeds. Oracle announced this morning that it now has a fix. Everyone using Java should absolutely download and install this latest version of Java (Java Runtime 7u11), AND remove any old versions of Java on their computers. Better yet, only install Java if you really need it.
Some security experts, however, are warning that Java is still dangerous to use, and warn against using it unless it’s absolutely necessary (if, for example, you have a vertical business application that only runs on Java). An article published today by ZDNet quotes the concerns of security experts, one of whom says it will take two years to make Java safe.