Then there's this, from The H Security -
17 January 2013, 10:37
"Another Java zero-day vulnerability apparently available"
A black-market vendor has claimed to have found a new zero-day vulnerability, an exploit for which he is selling on blackmarket forums, according to Krebs on Security. The vendor appeared to be selling information about the hole just 24 hours after Oracle had provided a patch, Java 7 Update 11, to close the other dangerous security hole that had begun surfacing at the end of 2012. Brian Krebs reports that the seller is offering an exploit for the vulnerability for $5,000 per person and is said to have already sold it to two interested parties. The seller was amused that "java has failed once again and let users get compromised".
Read the full article:
Also - I'm almost embarrassed to admit, after my lengthy posts on how to update Java - I have decided to go ahead and remove it entirely from my system. I uninstalled Java 7u11 earlier today, and so far it has not had any noticeable effect on my system, or my normal browsing activities.
Unless I find that I must do otherwise, I'm going to wait until they come up with a reliable and safe solution for this problem.