The reported vulnerability in Java 7, which allows untrusted code to override the SecurityManager and hence run malicious code on a client machine, was patched by Oracle on Thursday. Java 7 Update 7 fixes the vulnerability in the form in which it is actually known to be being exploited "in the wild".
General users can download the update to Java here.
Developers can download the update here.
There still remain reports that the patched version still contains a vulnerability allowing the SecurityManager to be overridden, but not in a form currently known to be being exploited. You are advised to "watch this space"...!