Nothing so far from either Apple or Oracle.
I haven't re-enabled Java, so I didn't really keep up.
The snippets I read seemed to indicate it was a Java 7 vulnerability.
On another thread I was trying to help with, another poster stated that XProtect has disabled the java plugin, again. No info on whether a patch was available.