After informing a researcher just a few days ago that
They fell under heavy criticism after their statement as it was demonstrated by multiple people that the vulnerability was fairly trivial to exploit and could cause some serious damage.

I'm glad to see they took the proactive step of understanding the vulnerability and pushing out a patch. I just wish they would fix the way in which Java manages updates (multiple redundant copies of the software with minor differences).

Under criticism for not patching a critical vulnerability in its recently acquired Java virtual machine, Oracle on Thursday released an emergency update that eliminates the zero-day threat.

Functionality in the Java Web Start component made it trivial for attackers to remotely execute malicious code on end-user machines. Tavis Ormandy, one of the researchers who first discovered the threat, said he alerted Java handlers inside Oracle

The link for this article located at Darknet is no longer available.