June 2012 Critical Patch Update for Java SE Released
By Eric P. Maurice-Oracle on Jun 12, 2012
Hi, this is Eric Maurice.
Oracle just released the June 2012 Critical Patch Update for Java SE. This Critical Patch Update provides 14 new security fixes across Java SE products. As discussed in previous blog entries, Critical Patch Updates for Java SE will, for the foreseeable future, continue to be released on a separate schedule than that of other Oracle products due to previous commitments made to Java customers.
12 of the 14 Java SE vulnerabilities fixed in this Critical Patch Update may be remotely exploitable without authentication. 6 of these vulnerabilities have a CVSS Base Score of 10.0. In accordance with Oracle’s policies, these CVSS 10 scores represent instances where a user running a Java applet or Java Web Start application has administrator privileges (as is typical on Windows XP). When the user does not run with administrator privileges (typical on the Solaris and Linux operating systems), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability for these vulnerabilities would be "Partial" instead of "Complete", thus lowering these CVSS Base Scores to 7.5.
Due to the high severity of these vulnerabilities, Oracle recommends that customers obtain and apply these security fixes as soon as possible:
Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html
Java users should download the latest release of JRE at http://java.com, and of course
Windows users can take advantage of the Java Automatic Update to get the latest release.
In addition, Oracle recommends removing old an unused versions of Java as the latest version is always the recommended version as it contains the most recent enhancements, and bug and security fixes.
For more information:
•Instructions on removing older (and less secure) versions of Java can be found at http://java.com/en/download/faq/remove_olderversions.xml
•Users can verify that they’re running the most recent version of Java by visiting: http://java.com/en/download/installed.jsp
•The Advisory for the June 2012 Critical Patch Update for Java SE is located at http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html