Tuesday, 10 December 2013

Critical Java Security Update




Oracle released an out-of-band security update for Java SE.  Security Alert CVE-2012-4681 addresses three distinct but related critical vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers. 

These vulnerabilities may be remotely exploitable without authentication.  In other words, the vulnerabilities may be exploited over a network without the need for a username and password merely by visiting a malicious web page with an unpatched version of Java.

Affected versions:
  • JDK and JRE 7 Update 7 and earlier
  • JDK and JRE 6 Update 34 and earlier
It is strongly recommended that the update be applied as soon as possible due to the threat posed by a successful attack.


Although Java is not required (see Do You Need Java?), if you do have Java installed on your computer, it is advisable to install the latest update. It is also advised that all prior (and vulnerable) versions of Java SE be uninstalled from your computer.
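To find machines that still carry an affected runtime, the following added example (not part of the original post or Oracle's alert) classifies `java -version` output against the affected versions listed above. The host names and sample lines are constructed, and the function names are hypothetical.

```python
import re

# Highest affected update per Java family, from the "Affected versions" list in this post.
LAST_AFFECTED_UPDATE = {7: 7, 6: 34}

# Legacy version strings printed by `java -version`, e.g. 1.7.0_07 or 1.6.0_34-b04.
VERSION_RE = re.compile(r'\b1\.(\d+)\.0(?:_(\d+))?')


def parse_java_version(text):
    """Return (family, update) from `java -version` output, or None if unrecognised."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    family = int(m.group(1))
    # A bare "1.7.0" is the initial release, i.e. update 0.
    update = int(m.group(2)) if m.group(2) else 0
    return family, update


def classify(text):
    """Classify one runtime against the affected ranges listed in the post."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"
    family, update = parsed
    limit = LAST_AFFECTED_UPDATE.get(family)
    if limit is None:
        return "not-listed"  # family does not appear in this post's list
    return "affected" if update <= limit else "updated"


def audit(inventory):
    """Map each host to the status of its reported Java runtime."""
    return {host: classify(line) for host, line in inventory.items()}


# Constructed sample inventory: host -> first line of `java -version` output.
SAMPLE_INVENTORY = {
    "desk-01": 'java version "1.7.0_07"',
    "desk-02": 'java version "1.6.0_34-b04"',
    "desk-03": 'java version "1.6.0_35"',
    "desk-04": 'java version "1.7.0"',
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(host, status)
```

A machine can have several Java versions installed side by side, so run the check against every installed runtime, not only the one on the PATH.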

Download Information

Now that Java SE 7 has been officially released, it is recommended that users of Java SE 6 upgrade to the latest version. When you upgrade from Java SE 6 to Java SE 7, please check your installed program files and remove all versions of Java SE 6.
