There is a new vulnerability in Java 7 that is being used in targeted attacks. It works against INternet Explorer, Firefox and versions of Chrome running on Windows XP.
The massive installed base of Java makes this vulnerability a particularly serious one, as any Java zero day is, but the other factor in the mix is that Oracle uses a scheduled quarterly patch cycle, and the next one isn't until mid-October. Unless the company issues an emergency patch, which is does rarely, the vulnerability will be fair game for attackers for nearly two months.
Read more: