Java's version number scheme is confusing. The vulnerable versions included the first 7 (#00>06) updates of Java 7, v1.7. This is the 8th update (#07), and is said to contain a patch to stop the current malware (Oracle has not yet provided details about the update). Note that the vulnerability is exploited via the browser, and that Java may* be disabled there. Apple disabled Java in Safari by default in both Lion and Mountain Lion (required for this version of Java), but it can be turned back on.

*) Ideally it should be 'should' rather than 'may' here: the next vulnerability could be exploited tomorrow, and you don't want to step in it by default.


alternaut moderator