Oracle released an out-of-band security update for Java SE. Security Alert CVE-2012-4681 addresses three distinct but related critical vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.
These vulnerabilities may be remotely exploitable without authentication. In other words, the vulnerabilities may be exploited over a network without the need for a username and password merely by visiting a malicious web page with an unpatched version of Java.
Now that Java SE 7 has been officially released, it is recommended that users of Java SE 6 upgrade to the latest version. When you upgrade from Java SE 6 to Java SE7 please check installed program files and remove all versions of Java SE 6.
As of this posting, Java SE 7u7 is only available from this link: http://java.com/en/download/index.jsp
More Info in my blog post at Critical Java Security Update
These vulnerabilities may be remotely exploitable without authentication. In other words, the vulnerabilities may be exploited over a network without the need for a username and password merely by visiting a malicious web page with an unpatched version of Java.
Now that Java SE 7 has been officially released, it is recommended that users of Java SE 6 upgrade to the latest version. When you upgrade from Java SE 6 to Java SE7 please check installed program files and remove all versions of Java SE 6.
As of this posting, Java SE 7u7 is only available from this link: http://java.com/en/download/index.jsp
More Info in my blog post at Critical Java Security Update