Oracle has just released Security Alert CVE-2012-4681 to address 3 distinct but related vulnerabilities and one security-in-depth issue affecting Java running in desktop browsers.  These vulnerabilities are: CVE-2012-4681, CVE-2012-1682, CVE-2012-3136, and CVE-2012-0547.  These vulnerabilities are not applicable to standalone Java desktop applications or Java running on servers, i.e. these vulnerabilities do not affect any Oracle server based software.

Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2012-4681 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible. 

• Developers should download the latest release at http://www.oracle.com/technetwork/java/javase/downloads/index.html  
• Java users should download the latest release of JRE at http://java.com
• Windows users can take advantage of the Java Automatic Update to get the latest release

JUG leader John Yeary tweeted "I want to take a moment to THANK #Oracle for doing the right thing. Too often people don't say thanks enough when they get it right." Thanks for your thanks. 

For More Information

Oracle Security Alert for CVE-2012-4681

Change to Java SE 7 and Java SE 6 Update Release Numbers