Hi, this is Eric Maurice.
Oracle today released two Critical Patch Updates: the April 2013 Critical Patch Update and the April 2013 Critical Patch Update for Java SE. The previous blog entry provided a summary of the April 2013 Critical Patch Update, and this entry will discuss the content of the Critical Patch Update for Java SE.
The April 2013 Critical Patch Update for Java SE provides 42 new security fixes. 39 of the vulnerabilities fixed in this Critical Patch Update are remotely exploitable without authentication. The maximum CVSS Base Score for these vulnerabilities is 10.0, and this score affects 19 different vulnerabilities.
Out of the 42 vulnerabilities, only 2 can affect server deployments of Java. Server exploitation can only occur as a result of these bugs when malicious data is supplied to specific APIs on the server (e.g., through a web service), and one of these bugs actually requires local access to be exploited.
As usual, Oracle recommends that this Critical Patch Update be applied as soon as possible. Desktop users can install this new version from java.com or through the Java Autoupdate.
For More Information:
The advisory for the April 2013 Critical Patch Update for Java SE is located at http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html.