Anyone still using Java 6 should upgrade to Java 7 as soon as possible. Oracle stopped making security fixes for Java 6 available to the public in February 2013, and exploits targeting unpatched vulnerabilities in Java 6 are finding their way into hacking toolkits.

Oracle has probably developed patches for recent vulnerabilities in Java 6, but these are only officially available to corporate clients with expensive support contracts. While I understand Oracle’s motivation for this, I disagree with their decision. When Oracle develops a security patch, it should be made available to everyone.