Trusted sources have confirmed that this new update addresses the 0Day released by Google's Tavis Ormandy.
Sadly, trusted friends and security professionals shouldn't have to 'figure' out if this update fixes the issue...Sun/Oracle should be informing their paying customers - especially corporate companies.
While the release notes above indicate the update addresses several critical security issues, they made no reference to CVEs or any other meaningful references. What was fixed?
Still no official statement from Oracle/Sun on any of this...which I feel is a slap in the face to their customers (both free users of Java and the corporations that pay them millions of dollars for other products).
Perhaps they should have used some of that Iron Man 2 money to get a better public relations team - especially when dealing with an active in-the-wild exploit against a publicly known vulnerability in their product. Freaking sad.
Big ups to Steve Manzuik & Ryan Naraine @ Threatpost.com for all their help.