R2D2′s comments: Not good news. I do wonder how they came exactly to the two years duration to fix Java. And this is a bit off: “The safest thing to do at this point is just assume that Java is always going to be vulnerable. Folks don’t really need Java on their desktop.” . Really? What WEB world has he been living in?
Now seriously, this is not the first time Java exploits are out there. However, problem is that it made it on the Metasploit library of modules.
If you haven’t read enough about this exploit – more details here