Oracle has issued an out-of-cycle patch for vulnerabilities in Java 7 that have been widely exploited to spread malware. This Security Alert addresses security issues CVE-2012-4681 (US-CERT Alert TA12-240A and Vulnerability Note VU#636312) and two other vulnerabilities affecting Java running in web browsers on desktops. These vulnerabilities are not applicable to Java running on servers or standalone Java desktop applications. They also do not affect Oracle server-based software.
Go to Oracle Security Alert for CVE-2012-4681 here - http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html