Oracle Corp. says it is readying an update to fix the Java security flaw that had the Department of Homeland Security encouraging computer users to disable Java in their Web browsers to avoid being compromised by hackers.
The company wouldn’t reveal just when the solution would be ready, but a statement released late Friday read, “A fix will be available shortly.”
Computer security experts warned Thursday that hackers had breached Java and figured out how to bug millions of Internet browsers, potentially exposing a person’s computer to malware that would enable identity theft or conscript it into a network that would involuntarily attack websites. The issue affects Oracle Java 7 update 10 and earlier versions.
The statement also said the security risk is present only on the JDK7 version and “does not affect Java applications directly installed and running on servers, desktops, laptops and other devices.”
Java, which is employed on 850 million computers, is a plug-in that lets browsers access Web content and an array of Internet options. The hack mostly affects PC users as Mac computers often disable Java automatically.
Still, Apple has encouraged customers to update their security software in light of this news. PC World reported that 600,000 Apple computers were affected by a similar hack last year. Mozilla has “blacklisted all current releases of Java.”
Java became the most-hacked software last year when it replaced Adobe Reader at the top of the list. Security experts advised computer users to use Java only if it’s absolutely necessary, citing a hacker’s ability to infect systems by using legitimate websites to spread the malware.