Vulnerabilities do not relate to Java on servers, standalone desktops applications, or embedded Java applications.
Oracle has issued an emergency patch to fix two security faults in the Java plugin for web browsers, which were recently exploited by hackers by installing the McRat executable on PCs.
The company said the McRat executable could be installed into PCs if the user visited a malicious web page that exploits the vulnerabilities impacting the availability, integrity and confidentiality of the user's system.
Oracle said in a statement: "Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."
Security firm, FireEye, first reported the exploits and urged all Java users who have not disabled the plug-in in their browsers to do so as soon as possible.
Oracle software security assurance director, Eric Maurice, said: "In order to help maintain the security posture of all Java SE users, Oracle decided to release a fix for this vulnerability and another closely related bug as soon as possible."