As announced last week, Oracle today released a new version of the Java SE environment, version 6 update 26, for Windows, Solaris, and Linux. Oracle has designated this as a Critical Patch Update. It includes fixes for 17 identified security vulnerabilities: five of the patches apply to both client and server installations, one applies to server installations only, and eleven apply only to client installations. Nine of the vulnerabilities receive the most serious possible CVSS score of 10.0; all should be considered serious. Oracle notes that:
All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.
Further details are given in the Critical Patch Update Advisory.
If you have Java installed on your system, I recommend that you install the new version as quickly as you conveniently can. Windows users can use the built-in automatic update mechanism; alternatively, the new version can be downloaded here. Mac users should note that Apple provides its own version of Java for OS X; it usually takes some time for a new release from Oracle to be available for Mac.