As an update to last week’s post, it seems the patch Oracle put out took care of the bug it was supposed to, but others are still there, and just as bad as the original. Your system can still be hijacked just by visiting an infected page. However, one of the things the latest patch did was change the default trust so that you have to explicitly allow an unsigned applet to run. So if you go to a web page, and Java starts asking for permission to run something, say NO unless you are expecting to run a Java app. Don’t take the default most people do and just click to allow applet.
Also, if you don’t need Java in your browser, you can disable it, either in the browser or the Java Control Panel (if you are up to date). It’s pretty easy to do – unless you’re using Internet Explorer on Windows, anyway. The, apparently, it’s an ordeal that, according to the article at the link, even Microsoft can’t document properly.
So no need to panic – just take reasonable precautions, as always.