Oracle has released a critical patch to fix 17 security vulnerabilities across Java standard edition (SE) products.
The Java 6 update 26 for Windows, Solaris and Linux provides fixes for affected products, including JDK 5.0 update 29 and earlier, JDK and JRE 6 update 25 and earlier, and SDK 1.4.2_31 and earlier.
Oracle said: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible."
In a blog post, Chester Wisniewski, a security researcher at Sophos, said all but one of the vulnerabilities affect Java Runtime Environment software in web browsers.
"We have seen great success among attackers using flaws in Java to exploit Windows computers, but also a broader experimentation with building malware that will run on Mac and Linux," he said.
Chester Wisniewski added: "I recommend testing out your standard OS images without the Java plug-in. Most people aren't using Java these days and it reduces the attack surface for exploits delivered over the internet."
The next Oracle Java SE critical patch updates is due on 18 October 2011.
Picture courtesy of Peter Kaminsky