Software vulnerabilities are common, but it’s not every day that the Computer Readiness Team (CERT) at the U.S. Department of Homeland Security steps in and starts warning the public. Not surprisingly, Oracle jumped on the security hole and released an update (Java Update 7u11) that resolves the problem. If you’re running Java (even the Java plug-in in your browser), update now.
That said, not everyone is convinced that Java users are completely in the clear after updating to the latest version. Experts agree that the updated version of Java now blocks the zero day exploit (in part by making you click a button to run Java technology present on most websites). But some research programs, including Poland’s Security Explorations, suggest that there may be other Java vulnerabilities that haven’t been addressed. You can disable Java, but it’s hard to avoid Java on the Web, so if you plan to continue using it, grab the update.