Oracle has released an emergency patch for Java which fixes a critical bug leading to remote code execution without the need for user credentials.
In a security alert posted Thursday, the tech giant said the flaw, CVE-2016-0636, is rather potent -- having achieved a rating of 9.3 through the Common Vulnerability Scoring System.
The bug is considered this severe because the flaw "can impact the availability, integrity, and confidentiality of the user's system."
If a user is running an unpatched version of Java in either their browser or desktop, a single visit to a malicious page can lead to the remote exploitation of their system -- without any authentication details such as usernames or passwords.
Oracle Java SE 7 Update 97, and 8 Update 73 and 74 for Windows, Solaris, Linux, and Mac OS X are affected. However, Java deployments in servers or standalone desktop applications -- which only run trusted code -- are not thought to be at risk.
Users should update their systems as soon as possible, since the severity of the flaw has forced Oracle to issue an out-of-schedule patch. You can download the fix here or accept automatic updates.
Last month, Oracle released a security patch for Java resolving CVE-2016-0603, which permitted attackers to fully compromise Windows machines.