Thought your Java security woes were behind you? Think again. Oracle is planning to release a Critical Patch Update on Tuesday that affects multiple versions of Java, and it's another doozy.
According to Oracle's security announcement
, the patch pack addresses 40 different vulnerabilities. All update levels of Java SE 5, 6, and 7 are affected by the flaws, as are all versions of JavaFX.
Of the 40 bugs, all but three are remotely exploitable over a network without the need for a username or password.
Yes, that's bad. Oracle ranks the severity of its flaws using the Common Vulnerability Scoring System (CVSS), and the top-ranked bug in this particular update rates a 10.0 – the highest possible score.
"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible," the database giant helpfully suggests.