A few days ago, the U.S. Department of Homeland Security issued a warning to temporarily disable Java on your computers, warning of:
A vulnerability in the way Java 7 restricts the permissions of Java applets could allow an attacker to execute arbitrary commands on a vulnerable system.
Now this morning we have this from ARS Technica: Red October relied on Java exploit to infect PCs
Attackers behind a massive espionage malware campaign that went undetected for five years relied in part on a vulnerability in the widely deployed Java software framework to ensnare their victims, a security researcher said.
And:
Oracle developers patched the bug in October, 2011, the malicious Java archive file was compiled the following February.
Be warned.