Java is notoriously full of security holes, with several being exploited earlier this year and sending Oracle scrambling to patch them up. Oracle's latest Java patch brings with it fixes for some 40 security holes. Because of all of the security patches, Oracle recommends that you apply the patch as soon as possible.
34 of those major security fixes are in the client distribution of Java 7. Of those 34, eleven were given the highest security risk score from Oracle's Common Vulnerability Scoring System. This patch is important to apply as all but three of the exploits are exploitable over the network without any authentication.
Eric Maurice, Oracle's Director of Software Assurance:
Oracle recommends that this Critical Patch Update be applied as soon as possible because it includes fixes for a number of severe vulnerabilities. Note that the vulnerabilities fixed in this Critical Patch Update affect various components and, as a result, may not affect the security posture of all Java users in the same way.