The security hole is serious, in that a malicious Java script could give itself privileges to do what it wants (read or delete files, run programs). This includes bad websites!
Java Runtime Environment 5, Update 10 (and earlier) and Java Runtime Environment 6 are vulnerable.
To patch your computer (Windows Update will not fix this flaw), I suggest the following:
- Open your computer's control panel and go to "Add/Remove Programs."
- Check the version(s) of Java that are installed
- If you have any of the following, remove (uninstall) them:
* JDK and JRE 6
* JDK and JRE 5.0 Update 10 and earlier
* SDK and JRE 1.4.2_14 and earlier
* SDK and JRE 1.3.1_20 and earlier
(I always uninstall all older versions of Java before upgrading to a new version. From experience, that works best.)
- After uninstalling, reboot your computer if it prompts you to.
- Download a new version of the Java Runtime Environment from the Sun website and install it. I am providing links below.
CRITICAL DIRECTIONS BELOW:
I have been using Java Runtime Environment 6 and went to Java Runtime Environment 6, Update 2 without any problems. Here are links to download the latest version of Java. You only need one of them and, unless you know that you need version 5, I recommend using 6, which is the first link:
Java Runtime Environment 6, Update 2: (scroll down to "Java Runtime Environment (JRE) 6u2" and download it - then install)http://java.sun.com/javase/downloads/index.jsp
Java Runtime Environment 5: (scroll down to "Java Runtime Environment (JRE) 5.0 Update 12" and download it - then install)http://java.sun.com/javase/downloads/index_jdk5.jsp