The holes, five of which are rated as maximum risk vulnerabilities, affect the JDK (Java Development Kit) and JRE (Java Runtime Environment) 7 Update 2, JDK and JRE 6 Update 30, JDK and JRE 5.0 Update 33, and SDK and JRE 1.4.2:35, and earlier releases of each. Versions older than JavaFX 2.0.2 are also affected.
Oracle has closed the holes in Java SE 7 Update 3, Java SE 6 Update 31 and JavaFX 2.0.3. The updates are available for Windows, Linux and Solaris. Under Windows, the updates will be installed automatically via auto-update. Otherwise, the patches can be downloaded from the Java download page and installed manually. Oracle recommends that flawed versions be replaced as soon as possible.