It looks like Java is currently the target of choice for malware authors, which must be a relief for Microsoft, since Windows was the target of choice for years. That means Java’s developer (Oracle/Sun) is in for a rough ride: the rate at which new Java vulnerabilities are found and exploits developed to use them is going to increase. The only thing that will reverse the trend is a big push by Oracle/Sun to make the core of Java a lot more healthy in terms of security. Until that happens, you’re going to keep hearing the same advice: don’t enable Java in your web browser unless you need it, limit Java use in the browser to sites and applications that require it, and even remove Java completely if you really don’t need it at all.

Relevant links:

• Ars Technica: Critical Java vulnerabilities confirmed in latest version
• Adam Gowdiak: Java 7 Update 11 confirmed to be vulnerable
• Confirmed: Java only fixed one of the two bugs.
• Threatpost: Latest Java Update Broken; Two New Sandbox Bypass Flaws Found