If you got that Java update from anywhere but Oracle's web site, it's almost a certainty you installed a Trojan. If that's the case, there's no telling what it does. Could be a keylogger, back door, etc.
Beyond that, yes, Java is so full of holes Swiss Cheese is envious. Unless there's some trusted site you can't use without having Java on, turn it off and leave it off.