Java security expert Adam Gowdiak, who has discovered several bugs in the software over the past year, said that the update from Oracle leaves unfixed several critical security flaws.
"We don't dare to tell users that it's safe to enable Java again," said Mr Gowdiak, a researcher with Poland's Security Explorations.
An Oracle spokeswoman declined to comment on Mr Gowdiak's analysis.