It's time to download another security patch.
If you're on the Oracle mailing list, you should have received a security alert on Thursday evening indicating that it was once again time to apply another security fix.
Hopefully this fix will gum up the hole that was identified earlier in the week, when FireEye Inc. warned of a new zero-day vulnerability in the latest version of Java that is being actively exploited by cyber criminals. "We have seen this unpatched exploit being used in limited targeted attacks," wrote Atif Mushtaq, a senior researcher at Milpitas, Calif.-based FireEye. A more in-depth discussion of the exploit can be found at our sister site, searchsecurity.com.
On a bit of a side note, searchsecurity.com also threw out the idea of perhaps 'sandboxing' the JVM to a greater extent to make it more secure. Essentially, the idea is to take that trusted code base and make it 'not-so-trusted', so that it becomes much more difficult for exploits to reach into registry settings and configuration files. Or perhaps users of the JVM just have to accept the fact that when a piece of software becomes this popular, there will inevitably be nefarious people actively looking to find exploits, and applying the occasional security fix is just par for the course.