A French security researcher who calls himself Kafeine discovered a new zero-day vulnerability in Java that's already being exploited in the wild. Java 7 Update 10 contains a remote code execution vulnerability that can be exploited via a specially crafted HTML page.
The only way to protect your computer is to disable the Java plugin.
It appears this flaw was first stumbled upon by a French researcher who goes by the name Kafeine. In a post on his Malware Don’t Need Coffee website, the researcher claimed that the latest version, Java 7 Update 10, was being exploited on a site that receives “hundreds of thousands of hits daily” and concluded that “this could be mayhem.”
More importantly, Kafeine noted the two most popular Web threat tools used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit, already have this latest Java exploit.