Security experts warn that Oracle’s Java software for Web browsers still contains security flaws, despite the company’s attempt to patch the vulnerability in the software.
Adam Gowdiak, CEO of Security Explorations, told Reuters, "We don’t dare to tell users that it’s safe to enable Java again."
Last week, the US Department of Homeland Security (DHS) warned that a security update for the software was not sufficient to protect computers from cyber attacks and advised users to disable the programme.
"Unless it is absolutely necessary to run Java in web browsers, disable it," Homeland Security’s Computer Emergency Readiness Team said.
Oracle said the vulnerability is related to the latest version of its Java 7 software.
Security experts claim that the vulnerability in the software could allow cyber-criminals to steal credit-card numbers, banking credentials, and passwords.
Oracle said that it has changed the software’s default security settings to ‘high’, which would notify users of any extra applications that start running while they browse.
According to the firm, the flaw affects the JDK7 version of the software but has no effect on Java applications that have been installed and are running on servers, desktops, laptops and other devices.
Kaspersky revealed that Java accounted for 50% of all cyber attacks in 2012, followed by Adobe Reader, Microsoft Windows and Internet Explorer.