A vulnerability in the latest version, Java 7, was 'being actively exploited,' the department said. Many programmers are avoiding Java altogether, and its use in Web browsers is on the decline, he said.
This code, security experts warn, could be used to acquire personal information and steal identities, or subscribe machines to 'botnets,' which can then be used to hit networks and Web sites with denial-of-service attacks. Homeland Security said in an updated note that it is reiterating the advice it gave last week, in spite of Oracle updating the Java software to include a security fix that would prevent machines from being attacked by hackers. Oracle released a software update on Sunday to address a critical vulnerability in Oracle's Java 7 after the DHS' Computer Emergency Readiness Team issued an advisory last week recommending users disable the cross-platform plugin on systems where it was installed.

Oracle said in an advisory yesterday that it "strongly" recommended users update their Java software to repair the vulnerability. Security company Immunity reported that Oracle's update addressed only one vulnerability and that another still existed.
The Department of Homeland Security has reiterated its warning to Java users that the widely used Web plug-in still poses risks for Internet users, even after Oracle patched the software to prevent hackers from exploiting a zero-day vulnerability. The Department of Homeland Security has warned users to disable the plug-in. Here's how you do it.
The Department of Homeland Security is still advising computer users to disable Java on their Web browsers, fearing that an unpatched vulnerability remains.

Department of Homeland Security last week, but the federal agency still recommends that users disable Java in their Web browsers. 'This and previous Java vulnerabilities have been widely targeted by attackers, and new Java vulnerabilities are likely to be discovered,' DHS said in a statement Monday.

