Oracle issued an alert about a new high-severity bug in its Java plug-in. This critical security flaw can allow remote code execution without authentication. It is a cross-platform bug that affects Java SE 7 and 8 across Windows, Solaris, OS X and Linux. Everyone running Java needs to upgrade to the latest version as soon as possible.
Warning that technical details regarding exploitation of the vulnerability have already been released, Oracle has issued a critical security alert to all Java users. 'Due to the severity of this vulnerability and the public disclosure of technical details,' the company warned, 'Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.'
While the attack is cross-platform, there is one small mitigation: deployments of Java on embedded devices and server environments are typically configured to run only trusted code, meaning that they are not at risk of running remotely supplied and unauthenticated code even if the vulnerability is successfully exploited.