Oracle Java 7 Update 21 Released - 42 vulnerabilities fixed!
Time for another update. :(
Java SE 7 Update 21
Download (Windows: 32-bit, 64-bit / OS X: 64-bit) / Release Notes / Security Advisory
Note. According to the release notes, this update will expire on 18th July 2013.
Due to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible.
Oracle today released two Critical Patch Updates: the April 2013 Critical Patch Update and the April 2013 Critical Patch Update for Java SE. The previous blog entry provided a summary of the April 2013 Critical Patch Update and this entry will discuss the content of the Critical Patch Update for Java SE.
The April 2013 Critical Patch Update for Java SE provides 42 new security fixes. 39 of the vulnerabilities fixed in this Critical Patch Update are remotely exploitable without authentication. The maximum CVSS Base Score for these vulnerabilities is 10.0, and this score affect 19 different vulnerabilities.
Out of the 42 vulnerabilities, only 2 can affect server deployments of Java. Server exploitation can only occur as a result of these bugs when malicious data is supplied into specific APIs on the server (e.g., through a web service), and one of these bugs actually require local access to be exploited.
As usual, Oracle recommends that this Critical Patch Update be applied as soon as possible. Desktop users can install this new version from java.com or through the Java Autoupdate. (Source