A rather large and new vulnerability inside of Java 7 has been quickly patched by Oracle. The exploit is said to allow remote attackers to run potentially malicious code, but can only be triggered if a user visits a website that has the code within the page. You can grab the latest update here.
Feel free to follow Brian and Gadget Unit on Twitter.
Source: Oracle