Another day, another Java exploit: Oracle released an emergency patch—update 17—for its Java browser plugin that addresses two vulnerabilities, one of which is being exploited in the wild. That exploit allows the bad guys to install a piece of malware on targeted computers.
From Oracle's patch notes:
This Security Alert addresses security issues CVE-2013-1493 (US-CERT VU#688246) and another vulnerability affecting Java running in web browsers. Due to the severity of these vulnerabilities, and the reported exploitation of CVE-2013-1493 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.
Note that Apple maintains its own system virtual machine, based on Java 1.6.x, that is separate from the browser plugin supplied by Oracle. That virtual machine is for running Java apps, which are aimed predominantly at enterprise, science, and other non-consumer markets. Apple has been patching it of late, as well.
Oracle's Java browser plugin update is available to Windows users, as well. You can download the newest Java browser plugin from Oracle's Java website.