Oracle says it'll have a fix for those egregious Java vulnerabilities "shortly." [Reuters]