Eleven vulnerabilities across Windows, Linux and Solaris based versions of its JRE (Java Runtime Environment) and Java Web have been patched by Sun. This includes several flaws rated as "highly critical" by outside researchers.
Sun has patched 11 vulnerabilities across Windows-, Linux-, and Solaris-based versions of its JRE (Java Runtime Environment) and Java Web. This includes several flaws rated as "highly critical" by outside researchers.
The fixes to Java Runtime Environment (JRE) 1.3.1, 1.4.2, 5.0, and 6.0 plug holes that attackers could use to bypass security restrictions, manipulate data, disclose sensitive information, or compromise an unpatched machine. Among the JRE bugs, Sun said in several security advisories, are two that allow attack code from malicious sites to make network connections on machines other than the victimized computer...
Other vulnerabilities in JRE and Java Web Start, a framework that lets Java-based applications launch directly from a browser, could be used by attackers to read local files, overwrite local files, and hide Java-generated warnings.
Danish bug-tracking vendor Secunia has tagged five out of the 11 patches as "highly critical." You can read more from the Sun security blog or catch a skinny of the specific Java flaws at ZDNet Blogs.
Not all vulnerabilities affect all JRE versions. Due to the absence of an automatic update mechanism for both JRE and Web Start, it might make sense to just download and apply the updated versions here.