This is a *big* deal. Unpatched 'zero-day' vulnerabilities mean you are vulnerable to attack even if all of your applications are up to date. When Oracle releases a new version of Java, be sure you install it ASAP. Also consider using Google Chrome which will always ask permission to run Java when a site (including infected ones) wants to access Java. You should only say 'yes' when you *know* that site uses Java for some type of interactive feature. Otherwise, decline the request. Other browsers don't do this.

Unpatched Java exploit spreads like wildfire
A new zero-day vulnerability in Java discovered on a Chinese web server being used in a targeted attack is being quickly adopted by online criminals.