Latest Java Patch Released Fixing 40 Security Flaws
"Oracle recommends that this Critical Patch Update be applied as soon as possible because it includes fixes for a number of severe vulnerabilities," Oracle said in a statement. "Note that the vulnerabilities fixed in this Critical Patch Update affect various components and, as a result, may not affect the security posture of all Java users in the same way."
One of the security holes Oracle plugged affects the Javadoc tool and the documents it creates. According to Oracle, some HTML pages generated by version 1.5 or later of its Javadoc tool are susceptible to frame injection. A remote attacker who exploits the flaw could inject frames into a vulnerable web page and use them to direct users to malicious web pages. The flaw received a CVSS Base Score of 4.3, which would classify it as a "major" bug.