It seems that not a day goes by without some type of bug being found in software, and today is no different. Fortunately there are independent security research firms that specialize in finding such nasty things, such as a critical zero-day vulnerability.
Adam Gowdiak of Security Explorations announced the bug discovery earlier on Tuesday and described its severity and risks. It apparently affects all Java runtimes across both the PC and Mac platforms: anyone who runs the Java plug-in in their Web browser is affected. Simply put, every version of Java from the past eight years is vulnerable, putting over 1 billion users at risk. The threat not only affects the current version 7 of Java, but also the previous versions 5 and 6.
"The impact of this issue is critical--we were able to successfully exploit it and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6, and 7."
No doubt this is one nasty and critical bug. A complete sandbox bypass means a malicious applet loaded through the browser plug-in is no longer confined by the Java security sandbox, so it can run arbitrary code with the privileges of the user running the browser and remotely compromise a vulnerable system.
At this time the best advice, says Gowdiak, is to disable the Java plug-in in the browser and wait for the patch from Oracle. Oracle's next regularly scheduled patch release is due out on October 16, 2012.
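Disabling the plug-in is only useful if it actually took effect, and browsers of this era still exposed a disabled-but-installed Java through a couple of `navigator` properties. The following is an added example (not code from the original post or from Security Explorations) that checks whether a browser still advertises Java, using `navigator.javaEnabled()`, `navigator.mimeTypes` and `navigator.plugins`. The function takes a navigator-like object as a parameter so it can be run offline against constructed sample objects; the plug-in names and MIME types in those samples are constructed for illustration, though the `application/x-java-*` types are the ones the Java plug-in registered. Treat any positive signal as "Java is still exposed", since `javaEnabled()` alone reflects a browser preference, not the plug-in's presence.

```javascript
// Added example: verify that the Java plug-in is no longer exposed to web pages.
// Not part of the original post. MIME types below are the ones the Java plug-in
// registered with browsers; the sample navigator objects are constructed.

const JAVA_MIME_TYPES = [
  'application/x-java-applet',
  'application/x-java-vm',
  'application/x-java-bean',
];

// Returns { exposed: boolean, versions: string[] } for a navigator-like object.
// `exposed` is true if ANY signal says Java is reachable from page content.
function javaPluginStatus(nav) {
  // Browser preference flag; true does not prove a plug-in is installed,
  // but false is a useful negative signal.
  const enabledFlag = typeof nav.javaEnabled === 'function' ? Boolean(nav.javaEnabled()) : false;

  // MimeTypeArray and PluginArray are array-likes, so Array.from works on them.
  const mimeTypes = nav.mimeTypes ? Array.from(nav.mimeTypes) : [];
  const javaMimes = mimeTypes.filter((m) =>
    JAVA_MIME_TYPES.some((prefix) => (m.type || '').startsWith(prefix))
  );

  const plugins = nav.plugins ? Array.from(nav.plugins) : [];
  const javaPlugins = plugins.filter((p) => /java/i.test(p.name || ''));

  return {
    exposed: enabledFlag || javaMimes.length > 0 || javaPlugins.length > 0,
    // Plug-in description strings usually carry the installed version.
    versions: javaPlugins.map((p) => p.description || p.name),
  };
}

// Constructed sample: a browser with the Java 7 plug-in still active.
const SAMPLE_WITH_JAVA = {
  javaEnabled: () => true,
  mimeTypes: [
    { type: 'application/x-java-applet;version=1.7', description: 'Java Applet' },
    { type: 'application/pdf', description: 'Portable Document Format' },
  ],
  plugins: [
    { name: 'Java(TM) Platform SE 7 U7', description: 'Next Generation Java Plug-in 10.7.2' },
    { name: 'Shockwave Flash', description: 'Shockwave Flash 11.4' },
  ],
};

// Constructed sample: the same browser after the Java plug-in was disabled.
const SAMPLE_DISABLED = {
  javaEnabled: () => false,
  mimeTypes: [{ type: 'application/pdf', description: 'Portable Document Format' }],
  plugins: [{ name: 'Shockwave Flash', description: 'Shockwave Flash 11.4' }],
};

// In a real browser, call javaPluginStatus(navigator); in Node, run the samples.
if (typeof navigator !== 'undefined') {
  console.log(javaPluginStatus(navigator));
} else {
  console.log('with Java:', javaPluginStatus(SAMPLE_WITH_JAVA));
  console.log('disabled:', javaPluginStatus(SAMPLE_DISABLED));
}
```

Drop this into the browser console after disabling the plug-in; if `exposed` is still true, the plug-in is still reachable by any web page and the mitigation has not taken effect.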
At least there is a bit of good news, which InformationWeek posted earlier today:
“On the upside, however, Gowdiak said he's seen no evidence that the bug, which his company reported privately to Oracle--has been spotted by anyone else, or that it's being used in in-the-wild attacks.”
It seems a savvy habit to manually check that all current updates, plug-ins, and virus/malware definitions are actually applied, since relying on automatic updates alone can leave a system exposed, and a compromised system may be beyond repair short of a full reformat and re-install.