Turns out that Oracle's original out-of-band update to Java only fixed one of the two nasty problems, and one vulnerability is still too many. The new update has given birth to two flaws that—when combined with the vulnerability Oracle missed—form another working exploit, leaving Java just as dangerous as it was before.
Java could still be fixed, but with problems popping out of the woodwork at these kinds of speeds, you'll be hard-pressed to stay up to date on Java's vulnerability at any given moment. It's super easy to shut it off in your browser and stay safe that way, so you probably ought to just do that. You probably won't even miss it. [threatpost]