Oracle recently released Java's Critical Patch Update, or CPU, for February. In other words, if you have not updated Java, now is the time to do so. Oracle only releases CPUs for Java four times per year, and this month's update fixes 21 vulnerabilities. The next CPU is set to be released on June 7, 2011.
Oracle's newest Java update addresses issues on both the client and the server side. Both end users and enterprises should therefore make sure the latest update is installed and running, so that the vulnerabilities it fixes cannot be exploited.
The majority (12) of the fixed vulnerabilities exist on the client side and are open to exploitation via untrusted Java Applets and untrusted Java Web Start Applications. To further address the client-side issues, Oracle paired the Java Runtime Environment 6 update 24 with the CPU.
Oracle patched three vulnerabilities on the server side that affect Java's server deployments. A binary floating-point number flaw accounts for one of the three fixed vulnerabilities. Oracle warned users about this issue earlier this month, prior to the release of the CPU.