Oracle has released a Java patch to address the major vulnerability reported a few days ago. Everyone is strongly advised to install the update.
Sophos’ Naked Security blog offers this article that includes information about the vulnerability and the patch.
Oracle’s page for the patch, Java 7 Update 11, includes technical details of the fixes for this and another vulnerability. Downloads for the latest version of Java, including this update, are located at java.com.
A new 0-day Java vulnerability has been discovered that is already being used in malware distribution kits “in the wild.” No update to fix the problem is yet available.
Naked Security has provided an overview of the vulnerability along with links to instructions on how to disable the Java extensions in all major browsers until an update is released. These extensions are the vector for attack via malicious web sites, so it may be a good idea to disable them, at least temporarily.
For convenience, here are the links for each browser:
The first line of defence, of course, is always to be careful not to visit suspicious web sites in the first place.