Beardsley called the bug "super dangerous," noting that it was "totally a drive by," meaning that attackers could compromise a Mac, or other personal computers, simply by duping users into browsing to a malicious or previously-hacked website that hosts the attack code.
Beardsley recommended that users disable Java until Oracle delivers a patch, advice seconded by virtually every security expert commenting on the new-found flaw.
Mac owners can disable Java from within their browsers, or remove the software entirely from their machines.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about malware and vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.