Oracle today released an update to its ubiquitous Java software that fixes at least 17 security vulnerabilities in the program.
The company is advising users to apply this update as soon as possible; it looks like most — if not all — of the vulnerabilities addressed by this new version may be exploited remotely without authentication.
The latest version is Java 6 Update 26 (v. 22.214.171.124), and is available either through the updater built in to Java (accessible from the Windows control panel) or by visiting java.com. If you’re not sure which version you have or whether you’ve got the program installed at all, click the “Do I have Java” link below the red download button on the Java homepage.
Java’s broad install base has made it a major target for computer crooks. It certainly does not help that so many users fail to keep this very powerful program updated. If you have no use for Java, my advice is to get rid of it. If you can’t bring yourself to do that, consider disabling the Java plug-in(s) in your browser of choice unless and until you need the program.