Vulnerabilities in Java SE and Java For Business
Oracle have released patches for two vulnerabilities (CVE-2010-0886 and CVE-2010-0887) that affect Oracle Java SE and Oracle Java For Business, when running in a 32-bit web browser. These vulnerabilities affect desktop Java running in web browsers only. They do not affect Java running on servers or standalone Java desktop applications, and do not impact any Oracle server based software.
These vulnerabilities can be exploited remotely without authentication, if the victim visits a malicious web page that exploits this vulnerability.
Users with the automatic update of Java for security and other issues activated, will have these fixes automatically applied over the next 30 days. The patches can be downloaded now from the Oracle website.