A few days ago somebody “responsibly” published proof-of-concept code for vulnerabilities in Java and as a result there are now exploits starting to appear in drive-by-download exploit kits.
It’s “responsible” disclosure because the vendor released fixes (Java 7u25) several weeks ago, but the problem is that Oracle did not provide fixes for Java 6, which it considers to be end-of-life. The result is that even the latest version of Java 6 (6u45) is vulnerable and is being exploited.
The only safe version is Java 7u25.
The Java-updating login script supplied by Systems and Comms has until now upgraded Java to the latest version of Java 6 or Java 7, depending on what was already on the machine. It will shortly be modified to upgrade any Java 6 to Java 7.
If you know of anything that will be broken by this, please let us know as soon as possible.
For everyone who has Java on their machine, we recommend that you update it to Java 7 as soon as possible.
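To find the machines this notice affects, the check below sorts `java -version` banners into the actions described above. It is an added example, not the Systems and Comms login script; the host names, the sample banners, the action labels and the treatment of any Java 7 update above 25 as fixed are assumptions.

```python
import re

# Version string as printed by `java -version`, e.g. java version "1.7.0_25"
_VERSION_RE = re.compile(r'"1\.(\d+)\.\d+(?:_(\d+))?[^"]*"')

FIXED_UPDATE = 25  # Java 7u25, the fixed release named in this notice


def parse_java_version(banner):
    """Return (major, update) from a version banner, or None if unrecognised."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    # A banner with no "_NN" suffix is the base release, i.e. update 0.
    return int(m.group(1)), int(m.group(2) or 0)


def classify(banner):
    """Map a banner to an action label (labels are hypothetical)."""
    parsed = parse_java_version(banner)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major == 6:
        # No fix exists for Java 6, so every update level needs the move to 7.
        return "upgrade-to-java7"
    if major == 7:
        # Assumption: updates above 25 also carry the fix.
        return "ok" if update >= FIXED_UPDATE else "update-java7"
    return "unknown"  # versions this notice does not cover


def report(inventory):
    """inventory: {host: banner}. Returns {host: action}."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and banners are made up).
SAMPLE = {
    "ws-01": 'java version "1.6.0_45"',
    "ws-02": 'java version "1.7.0_21"',
    "ws-03": 'java version "1.7.0_25"',
    "ws-04": 'java version "1.7.0"',
    "ws-05": "'java' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, action in sorted(report(SAMPLE).items()):
        print(host, action)
```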