According to Oracle, the most recent vulnerabilities only impact Java 7 (update 10 and earlier) running in web browsers - not servers or standalone applications - but some security experts still recommend that Java users keep the software disabled for now, even after applying Sunday's update.
This is the latest in a line of high-profile Java exploits, but unprecedented moves like those by Apple and DHS call Java's security into question on an increasingly public stage. Which makes you wonder: Does Java need a major security overhaul to survive? Should Java be disabled in all browsers? Is it more of a security vulnerability than it was three years ago? Is Oracle facing a Java "brand" crisis? Time will tell.