Another day, another java exploit. A new browser based exploit apparently lets attackers execute arbitrary code on client systems, and there is no patch available. From what I've read, the vulnerability exists in JRE 1.7 or later, but 1.6 or earlier is ok. I didn't really see an option, and disabled Java on all of our machines (including Macs). Was this an overreaction on my part, or have you disabled Java as well?