Oracle published a new version of Java 8, 7 and 6 to address a vulnerability in the installer. CVE-2016-0603 addresses a flaw where the attacker would seed the system with malicious DLLs that the installer would use instead of the DLLs included in the package itself. This type of vulnerability is generally known as binary planting.
As Oracle points out existing installations are not at risk. New installations should use the latest fixed packages to address the case where an end user might have visited a malicious site which could have prepared the machine for the attack by downloading altered versions of one of the DLLs involved. Fixed versions of Java are 6 update 113, 7 update 97 and 8 update 73.