What is it?
A remote code execution vulnerability (tracked as CVE-2013-2423) affecting Java versions 7 Update 17 and prior, which allows a complete sandbox bypass through a web browser.
How does it work?
The root cause of the vulnerability is a type-confusion issue in Java reflection, which allows internal methods to be called in order to disable the security manager. The issue can be triggered simply by convincing a user to visit a web page that contains malicious Java content.
Should I be worried?
Yes, an exploit for this vulnerability is now bundled in various exploit kits that allow arbitrary code execution in a reliable manner. Users should show caution when visiting untrusted websites if their systems are not patched.
How can I prevent it?
Oracle has since issued version 7 Update 21, which fixes the vulnerability. Any system running an older version should update to this release. The update fixes 42 security issues, including the one discussed above.
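As an added example (not part of the original advisory), the following Python script reads the output of `java -version` and reports whether the installed runtime is older than the fixed release, Java 7 Update 21. It assumes the standard `java version "1.7.0_17"` output format and, as an assumption beyond the page's wording, also treats a Java 6 installation as needing the update.

```python
import re
import subprocess

# Matches the quoted version in `java -version` / `openjdk -version` output,
# e.g. java version "1.7.0_17", openjdk version "11.0.2", java version "9".
_JAVA_VERSION_RE = re.compile(
    r'(?:java|openjdk) version "(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:_(\d+))?"'
)

# Fixed release named in the advisory: Java 7 Update 21 -> (1, 7, 0, 21)
FIXED_VERSION = (1, 7, 0, 21)


def parse_java_version(output: str):
    """Return (major, minor, micro, update) from `java -version` output,
    or None when no recognisable version string is present."""
    m = _JAVA_VERSION_RE.search(output)
    if not m:
        return None
    return tuple(int(part) if part is not None else 0 for part in m.groups())


def needs_update(version) -> bool:
    """True when the runtime is older than 7u21 (assumption: any earlier
    release, including Java 6, is reported as exposed)."""
    return tuple(version) < FIXED_VERSION


def check_local_java() -> str:
    """Run `java -version` (which prints to stderr) and assess the result."""
    try:
        proc = subprocess.run(["java", "-version"], capture_output=True,
                              text=True, check=False)
    except FileNotFoundError:
        return "java not found on PATH"
    version = parse_java_version(proc.stderr + proc.stdout)
    if version is None:
        return "could not parse java -version output"
    status = "needs update (pre-7u21)" if needs_update(version) else "at or above 7u21"
    return "%d.%d.%d_%d: %s" % (version + (status,))


if __name__ == "__main__":
    print(check_local_java())
```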