Critical Java Update Fixes 20 Flaws — Krebs on Security
Oracle Corp. released a critical update to plug at least 20 security holes in versions of its ubiquitous Java software. Nearly all of the Java vulnerabilities can be exploited remotely to compromise vulnerable systems with little or no help from users. If you use Java, take some time to update the program now.
That, IMHO, should read "If you have Java installed, update the program now."
Java update plugs 20 critical security holes | ZDNet
Summary: The patch, which provides a fix for the SSL Beast attack, comes at a time when anti-malware vendors are reporting an “unprecedented wave” of exploits against vulnerabilities in Java.
Links to the Java downloads are in yesterday's blog entry, "Oracle releases BEAST-patched version of Java."
Oracle has shipped a critical Java update to fix at least 20 security vulnerabilities, some serious enough to cause remote code execution attacks.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” the company warned in an advisory.
According to Oracle, 19 of the 20 vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.