Qualys CTO Wolfgang Kandek said that the majority of vulnerabilities are concentrated on desktop or laptop deployments, with the most common attack vector being web browsing and malicious web pages.
"The new version is Java 7 update 45, and you should update as quickly as possible on your desktop and laptop machines," Kandek said.
"Java 6 is also vulnerable to 11 of the 12 highly critical vulnerabilities, but there are no more public patches for Java 6.
"The recommended action for Java 6 here is to upgrade to Java 7 if possible. If you cannot upgrade, I would recommend to isolate the machine that needs Java 6 running and not use it for any other activities that connect it to the Internet, such as e-mail and browsing."
The remaining 76 flaws allow remote unauthenticated access by hackers, making them critical for applications that are open to the internet.
This article is from the CBROnline archive: some formatting and images may not be present.