Last week, in keeping with its usual quarterly schedule, Oracle released a new version of its Java SE software, version 7 update 21, for all platforms (Windows, Linux, Solaris, and Mac OS X). The accompanying Critical Patch Update Advisory addresses a total of 42 identified vulnerabilities; Oracle says that 39 of these can be exploited over the network without authentication: that is, an attacker would not need to log in to the target system. Nineteen of the vulnerabilities receive the maximum possible CVSS severity score of 10.0.
If you have Java installed on your system, I recommend that you install the new version as quickly as you conveniently can. Windows or Mac users can use the built-in automatic update mechanism; alternatively, the new version can be downloaded here.
As I’ve written before, most recently last October, there is a good case that the average individual user is better off without Java on his or her system. I won’t bore you by going through all of it again. If you do decide to install or keep Java, though, please be careful to keep it up to date.