On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636.
With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious codes on an affected web browser, they are vulnerable to this attack.
The vulnerability only affects Java SE running in web browsers. This vulnerability is not applicable to Java deployments, typically in servers or standalone desktop applications, that load and run only trusted code. It also does not affect Oracle server-based software.
Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected.
This is an out of schedule patch which indicates that this vulnerability is quite critical. Now developers can download the patched version of Java at here. For general Windows users, the patched version is released here. All users are strongly recommended to upgrade their Java as soon as possible to mitigate away from this vulnerability.
