Oracle to patch 14 critical Java SE holes on Tuesday
Oracle says it will be patching fourteen vulnerabilities in Java SE (Standard Edition) this coming Tuesday, 12 June. All versions of Java, including the JDK and JRE version 7 update 4 and earlier, version 6 update 32 and earlier, version 5 update 35 and earlier, 1.4_2_37 and earlier, and JavaFX 2.1 and earlier are affected.
The company says that it will be strongly recommending that all users apply the patch update "due to the threat posed by a successful attack". Oracle says the highest CVSS base score of the vulnerabilities is 10.0. Twelve of the vulnerabilities may be exploited remotely without any authentication. The problems all reside in the Java Runtime Environment (JRE).