Monday, January 14, 2013

A Vulnerability Affecting Java 7

A vulnerability (CVE-2013-0422) has been found in Oracle Java. It may allow an attacker to run arbitrary code on a vulnerable system. Affected are Java JDK and JRE 7 Update 10 and earlier versions in the 7 series (JDK and JRE 6, 5.0 and 1.4.2, and Java SE Embedded JRE releases are not affected).

Users of affected versions are advised to install Update 11, available here. The new version also changes the default security level setting from Medium to High:
"The default security level for Java applets and web start applications has been increased from "Medium" to "High". This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the "High" setting the user is always warned before any unsigned application is run to prevent silent exploitation."

If Java is not needed in the web browser, then in addition to updating it, it is recommended to disable the Java plug-in in browsers. Instructions for doing that can be read here.
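As an added example (not part of the original post), the following Python helper checks whether a `java -version` banner falls into the affected range described above: the 7 series at Update 10 or earlier is flagged, Update 11 and the 6/5.0/1.4.2 series are not. The banner format and the optional local check via `subprocess` are assumptions about a typical Oracle Java 7 installation.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed release for the Java 7 series, as stated in the advisory (7 Update 11).
FIXED_UPDATE_7 = 11

# Old-style Java version strings look like 1.7.0_10 (assumed banner format).
VERSION_RE = re.compile(r'java version "(\d+)\.(\d+)\.(\d+)(?:_(\d+))?')


def parse_java_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, update) from a `java -version` banner, or None.

    A missing "_NN" update suffix (e.g. "1.7.0") is treated as update 0.
    """
    match = VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, _micro, update = match.groups()
    return int(major), int(minor), int(update or 0)


def is_affected_by_cve_2013_0422(banner: str) -> bool:
    """True when the banner shows a Java 7 release at Update 10 or earlier.

    Java 6, 5.0 and 1.4.2 are reported as not affected, so any series other
    than 1.7 returns False, as does an unparseable banner.
    """
    parsed = parse_java_version(banner)
    if parsed is None:
        return False
    major, minor, update = parsed
    return (major, minor) == (1, 7) and update < FIXED_UPDATE_7


def check_local_java() -> Optional[bool]:
    """Run `java -version` on this machine and classify the result.

    Returns None when no java binary is found. The banner is printed on
    stderr by the JVM, so both streams are inspected.
    """
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return is_affected_by_cve_2013_0422(proc.stderr + proc.stdout)


if __name__ == "__main__":
    # Constructed sample banner, not captured from a real system.
    print(is_affected_by_cve_2013_0422('java version "1.7.0_10"'))  # → True
```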
