Java’s maker, Oracle, issued a fix for a ‘serious security flaw’ on Sunday, but the US government said it was not sufficient and asked users to disable Java in all internet browsers.
In an updated alert, the department said: “unless it is absolutely necessary to run Java in web browsers, disable it. This will help mitigate other Java vulnerabilities that may be discovered in the future.”
Government intervention in such software issues is rare, but last week the Department of Homeland Security wrote on its website that “[The] Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered.” It has since added that Update 11 remains flawed.
