Oracle just issued an update to fix the security vulnerabilities in Java that could allow malicious websites to install a piece of software without the user’s consent. The security hole was being actively exploited, which even led the Computer Emergency Readiness Team (US-CERT) to advise users to disable Java altogether.
Today, the company released an emergency patch which, it assures users, mitigates the vulnerabilities covered by security alert CVE-2013-0422 and CVE-2012-3174. The update also changes the default security setting for Java to “High”, which means that from now on, users will need to acknowledge any Java applet before it can run on the computer. Oracle also recommends applying the update as soon as possible, since it does not take a lot of skill for someone to create something that could put your system at risk.
Following The Verge’s report, Adam Gowdiak, responsible for finding the vulnerability, told Reuters that the patch released isn’t enough for users to be one-hundred percent safe: “We don’t dare to tell users that it’s safe to enable Java again.” This simply means that until there is no doubt the problem is fixed, the best solution is to keep Java disabled.