According to a Brian Kebs post, exploits for a vulnerability patched in Java 1.6 update 33 and Java 7 update 5 will begin appearing in an exploit kit today. The patched version of Java was available roughly a month ago.
The generic Java advice is
1. If you dont need it, dont install it.
2. If you do install it, install all security updates upon release.
3. If you are forced to use an old version of Java, use a multiple browser technique where you enable Java only in one browser but not another.