Oracle has released an update to fix the critical security flaw (vulnerability) in its Java software 
that cyber-criminals wielding malware have been exploiting to break into vulnerable computers.
This new release of Java 7 Update 11 fixes CVE-2013-0422 in Java 7 Update 10 and earlier versions of Java 7. The update is available via Oracle’s Web site, or can be downloaded from within Java via the Java Control Panel.
Existing users should be able to update by visiting the Windows Control Panel and clicking the Java icon, or by searching for “Java” and clicking the “Update Now” button from the Update tab.
This update also changes how Java handles Web applications. According to Oracle’s advisory: “The default security level for Java applets and web start applications has been increased from “Medium” to “High”. This affects the conditions under which unsigned (sandboxed) Java web applications can run. Previously, as long as you had the latest secure Java release installed applets and web start applications would continue to run as always. With the “High” setting the user is always warned before any unsigned application is run to prevent silent exploitation.”