Sun Microsystems has been forced to fix two security bugs in Java that can be exploited by remote attackers to take over computers.
Security research company Secunia says the flaws are "highly critical". Both flaws affect the Java Runtime Environment (JRE), which is the software users have on their machines to run Java applications.
One bug is a flaw in JRE, while the other is specific to Java Web Start, which is used to load Java applications over the internet.
The flaws can be exploited when users visit a malicious website. Sun said it wasn’t aware of any exploits of the flaws, so far.
As JRE is part of Java 2 Platform Standard Edition (J2SE), Sun says users must update to the latest version to avoid the risk of attack.