It seems that Oracle just can't win with Java; it recently released an update to fix major vulnerabilities, but now it's being reported that fake updates are subverting the process.
Kaspersky Labs reports on the problem, which relates to malware that poses as Java Update 11. It's not using any of the recent vulnerabilities per se, but simply posing as a fix in order to snare the unwary who might be worried about having Java as up to date as possible. If you do need Java, that's sensible advice — but make sure you're running the real thing.
Security Firms Warn Users of Fake Java Updates [Threatpost]