ZDNet reports that hackers have found a weakness that allows malware to be installed on machines, which could then be used for identity theft or added to botnets, which are often used for denial-of-service attacks.
"We are currently unaware of a practical solution to this problem," said the DHS' Computer Emergency Readiness Team (CERT) in a post on its Web site on Thursday evening. "This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. Exploit code for this vulnerability is also publicly available."
Users are advised to disable or uninstall Java immediately to mitigate any damage.
Apple has already moved to address the issue by updating Xprotect.plist to require a minimum Java version of 1.7.0_10-b19. Since this is newer than the current 1.7.0_10-b18 version, Java is prevented from running.