(LiveHacking.Com) – Oracle has released a critical patch update for Java that address at least 40 security vulnerabilities, 37 of which may be remotely exploitable without authentication, meaning they can be exploited over a network without the need for a username and password.
The new version of Java is Java 7 update 25 and it is the recommend upgrade for all users using Java 7 Update 21 and earlier; Java 6 Update 45 and earlier; and Java 5.0 Update 45 and earlier. It seems that Oracle has is no longer shipping updates for Java 6, however Apple has released a security advisory about Java for OS X 2013-004 and Mac OS X v10.6 Update 16.
In its advisory Apple recommend that OS X 10.6 users update to Java version 1.6 update 51 to address multiple vulnerabilities in Java 1.6 update 45. According to Apple Java 6 update 45 has bugs which allow “an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.” This means that Java 6 has been updates but is only available for OS X 10.6 users.
It is important that you apply this Java updates as soon as possible. Research from Websense has revealed that over 90% of users don’t update their Java versions in a timely manner.
Java is prone to security vulnerabilities and it is recommended, even after applying the latest patches, that users disable Java in the browser completely. If you don’t need Java (which you likely don’t), you should strongly consider removing Java completely from your machines.