This comes from our guest host Greg Martin on Google+:
Java 0-day being exploited in the wild. There have been confirmed infections on Windows-based computers but it’s possible to compromise a Mac or Linux system as well. Currently the only recommendation for mitigation is to completely disable Java.
Links for thought:
Ars Technica article: http://arstechnica.com/security/2012/08/critical-java-exploit-spreads/
In-depth breakdown of the exploit (technical with mildly poor English): http://immunityproducts.blogspot.com.ar/2012/08/java-0day-analysis-cve-2012-4681.html
Proof-of-concept for the exploit (actual source code): http://pastie.org/pastes/4594319/text
There are also some claims that Oracle have known about the vulnerabilities for some time: https://www.pcworld.com/businesscenter/article/261612/oracle_knew_about_currently_exploited_java_vulnerabilities_for_months_researcher_says.html
I’m currently testing this out on my system (Linux) to see if I can get it to work.