Three vulnerabilities have been reported in Oracle Java, which can be exploited by malicious people to compromise a user's system.
2) An error in the restrictions on calling the "setSecurityManager()" method can be exploited by an untrusted applet to disable the security manager and grant itself full privileges, e.g. to download and execute arbitrary programs.
NOTE: This is currently being actively exploited in targeted attacks.
4) An error when handling reflection within the java.beans.Expression class can be exploited to compromise a user's system.
3) An unspecified error in the Beans sub-component can be exploited to compromise a user's system.
Successful exploitation of the vulnerabilities allows execution of arbitrary code. This applies to client deployments only, as the vulnerabilities are exploited through untrusted Java Web Start applications and untrusted Java applets.
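The following is an added example, not code from the advisory or from Oracle; it shows the permission check that System.setSecurityManager() performs once a security manager is installed, which is the check untrusted applet code is confined by and which vulnerability 1 lets an applet get around. The class name and the printed messages are this example's own choices.

```java
// Added example (not from the advisory): demonstrates that, once a
// SecurityManager is installed, application code without
// RuntimePermission("setSecurityManager") cannot remove it.
// Sandboxed applets run under such a manager; an exploit for the
// setSecurityManager() issue above is one that reaches the "true" path here.
// Tested behaviour on Java 8 to 17. On Java 18 and later the security
// manager is disabled by default and System.setSecurityManager() throws
// UnsupportedOperationException unless the JVM is started with
// -Djava.security.manager=allow; the API is deprecated for removal.
public class SetSecurityManagerCheck {

    // Attempts to remove the installed security manager, which is what
    // sandbox-escape code must achieve. Returns true only if it succeeded.
    static boolean tryDisableSecurityManager() {
        try {
            System.setSecurityManager(null);
            return true;
        } catch (SecurityException e) {
            // Expected outcome: the caller lacks
            // RuntimePermission("setSecurityManager").
            System.out.println("blocked: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println("security manager before: " + System.getSecurityManager());

        // Install the default SecurityManager. From this point on, code is
        // limited to what the active Policy grants it; the stock java.policy
        // does not grant RuntimePermission("setSecurityManager") to
        // arbitrary code, so the removal attempt below is denied.
        System.setSecurityManager(new SecurityManager());

        boolean disabled = tryDisableSecurityManager();
        System.out.println("security manager disabled? " + disabled);
        System.out.println("security manager after: " + System.getSecurityManager());
        // If "disabled" were true, the code would now run unrestricted and
        // could spawn processes, read files and open network connections.
    }
}
```

Compile and run with `javac SetSecurityManagerCheck.java && java SetSecurityManagerCheck`; the expected result is that the removal attempt is blocked and the security manager is still in place afterwards. A JVM on which this prints that the manager was disabled, without the permission having been granted in a policy file, is behaving as the vulnerable versions did.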
However, it's the latest version currently available, and as such, is presumably better to have than earlier versions --- provided you have an actual need for Java.
Many people are finally realizing that Java is less common online than they had been led to believe. I went Java-free about two years ago, and have not regretted that decision.
The Secunia Online Software Inspector (OSI) uses Java http://secunia.com/vulnerability_scanning/online/
but the Secunia Personal Software Inspector (PSI) does not (it uses Flash instead).