I'm fed up with the distorted and incomplete reports from the media, including many sources that ought to know better and provide all the details.
The big terrible dangerous flaw in Java that they are reporting was introduced in version 7, release 10 to be exact. It involves a totally new function call, and poses a risk only for Java run from the web using the Java plug-in (or possibly Java programs downloaded that require version 7.)
Version 7 of the Java plug-in is not present on most PCs yet. Most of us, and especially those who are not running Windows 8, probably have version 6. Scripts designed to take advantage of the flawed function do not work with version 6.
So... Disable or uninstall Java if you wish, but don't buy the pile of BS the media is trying to dump on you. It's true that Java security seems to have declined since Oracle took over, but Java 7 is not installed on "850 million PCs" as the press keeps trying to claim. In fact, I doubt that any version of Java is installed on that many machines. A quick check of about a dozen PCs running XP that I could easily reach at work and at home found version 6 with releases ranging from 24 to 30. No version 7, even on two machines with Windows 7. The actual US-CERT alert is here.
If you read it carefully, you will note near the bottom that it explicitly says that downgrading from Java 7 to Java 6 removes the vulnerability.
I believe in most cases you can find out your Java version by entering the following at a command prompt:
Note that the version appears with a "1." in front of it, so Java 6 is actually version 1.6.0_xx and Java 7 is actually version 1.7.x_xx. If you have 7, you should definitely do something about it.
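The command itself is missing from the page as it survived; the standard way to print a JRE's version at a command prompt is `java -version`, which writes a line such as `java version "1.7.0_10"` to stderr. The script below is an added example, not part of the original post: it wraps that command, parses the `1.x` form the post describes into a plain major release (6, 7, ...) and a classification, and is exercised against constructed sample lines so it can be checked without a JRE installed. The function names and the "affected"/"not-affected" labels are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies "java -version" output.
# Assumption: the first output line looks like  java version "1.7.0_10"
# (older "1.x" numbering) or  java version "11.0.2"  (newer numbering).

# java_version_string LINE -> prints the quoted version, e.g. 1.7.0_10, or nothing
java_version_string() {
    printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p'
}

# java_major LINE -> prints the major release (6, 7, 11, ...) or "unknown"
java_major() {
    v=$(java_version_string "$1")
    case "$v" in
        "")        echo unknown ;;
        1.[0-9]*)  printf '%s\n' "$v" | cut -d. -f2 ;;   # "1.7.0_10" -> 7
        *)         printf '%s\n' "$v" | cut -d. -f1 ;;   # "11.0.2"   -> 11
    esac
}

# java_update LINE -> prints the update number after "_" (e.g. 10), or 0 if absent
java_update() {
    v=$(java_version_string "$1")
    case "$v" in
        *_*) printf '%s\n' "${v##*_}" ;;
        *)   echo 0 ;;
    esac
}

# java_risk LINE -> "affected" for any Java 7 release (the post's advice is to act on
# Java 7 regardless of update), "not-affected" for other releases, "unknown" if unparsable
java_risk() {
    case "$(java_major "$1")" in
        7)        echo affected ;;
        unknown)  echo unknown ;;
        *)        echo not-affected ;;
    esac
}

# check_installed_java -> reports on whatever "java" is first on PATH, if any
check_installed_java() {
    if command -v java >/dev/null 2>&1; then
        line=$(java -version 2>&1 | head -n 1)
        printf '%s -> major %s, update %s, %s\n' \
            "$line" "$(java_major "$line")" "$(java_update "$line")" "$(java_risk "$line")"
    else
        echo "no java on PATH"
    fi
}

# Constructed sample lines (not captured from a real machine) to show the parsing
for sample in 'java version "1.6.0_24"' 'java version "1.7.0_10"' 'openjdk version "11.0.2"'; do
    printf '%s -> major %s, update %s, %s\n' \
        "$sample" "$(java_major "$sample")" "$(java_update "$sample")" "$(java_risk "$sample")"
done
check_installed_java
```

One caveat when using this on a real machine: the `java` found on PATH and the JRE wired into the browser plug-in can be different installations, so a clean result from the command prompt does not by itself prove the plug-in is on version 6. Check the browser's plug-in list (or the Java Control Panel on Windows) as well, since the post's point is that the plug-in is where the exposure lies.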
Of course, caution is always in order when dealing with unfamiliar web sites or untrusted sources.