Today Oracle released its June 2013 Java SE Critical Patch Update (CPU), which fixed 40 new security issues. All vulnerabilities except three can be exploited remotely by an attacker, and in most cases the attacker can take complete control of the system. An attacker can achieve this by using a variety of drive-by techniques that let a Java applet run arbitrary code outside of the Java sandbox. Today's CPU affects JDK and JRE versions 5, 6 and 7. We highly recommend applying these patches as soon as possible.
We have seen many Java issues recently, and below is a chart that compares Java vulnerabilities for the first half of each of the past three years. This year we had 137 vulnerabilities, compared to just 28 and 38 during the same period in the last two years.
In tandem with Oracle, Apple also released security update APPLE-SA-2013-06-18-1 to protect Mac OS X users against these Java vulnerabilities. We highly encourage users to patch as soon as possible.