Remember that big zero-day Java vulnerability the Department of Homeland Security was all worried about? Well, Oracle fixed it. Oh wait, no. That latest Java fix still has a big ol’ hole. It’s time to abandon ship, folks.
https://gizmodo.com/even-the-department-of-homeland-security-wants-you-to-d-5975415
Turns out that Oracle’s original out-of-band update to Java only fixed one of the two nasty problems, and one vulnerability is still too many. The new update has given birth to two flaws that—when combined with the vulnerability Oracle missed—form another working exploit, leaving Java just as dangerous as it was before.
https://gizmodo.com/oracle-claims-to-have-patched-the-java-vulnerability-th-5975662
Java could still be fixed, but with problems popping out of the woodwork at these kinds of speeds, you’ll be hard-pressed to stay up to date on Java’s vulnerability at any given moment. It’s super easy to shut it off in your browser and stay safe that way, so you probably ought to just do that. You probably won’t even miss it. [threatpost]
https://gizmodo.com/how-to-disable-java-in-your-browser-5975475
Image by Levent Konuk/Shutterstock
