“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible”, the company said in a pre-release announcement.
The products affected are JDK and JRE 6 Update 25 and earlier for Windows, Solaris, and Linux; JDK and JRE 5.0 Update 29 and earlier for Windows, Solaris and Linux; SDK and JRE 1.4.2_31 and earlier for Windows, Solaris and Linux.
The Java SE platform enables developers to create and deploy Java applications on desktops, servers, and embedded environments.
In its most recent security intelligence report, Microsoft said that Java has increasingly become the target of cybercriminals. In the third quarter of 2010, the number of Java attacks increased to 14 times the number of attacks in the previous quarter. This increase was driven mostly by the exploitation of a pair of vulnerabilities in versions of the Sun (now Oracle) Java virtual machine engine for executing Java programs, accounting for 85% of the Java exploits detected in the second half of 2010.
Microsoft said that exploitation of Java flaws last year surpassed every other exploitation category that the Microsoft Malware Protection Center tracks.