Update is out. http://krebsonsecurity.com/2013/01/oracle-ships-critical-security-update-for-java/ "Also, it seems malware writers are constantly finding new zero-day vulnerabilities in Java, and I would not be surprised to see this zero-day situation repeat itself in a month or so. Also, most users who have Java installed can get by just fine without it (businesses often have mission-critical operations that rely on Java)." Basically, to treat it like "oh the plugin is safe again! PATCH IS OUT!" is a really false sense of security. The only good thing about this latest update is “The default security level for Java applets and web start applications has been increased from “Medium” to “High”.