Will be trivial for malware authors to change old exploits into this new form very quickly. This is an update to an older flaw that worked around the 'fix' by changing a few characters. How to exploit this flaw has been published since around March 9 or 10. If we want to play nice with that then the BAD version (to block) is 7u97, but I don't know what the good version is because those downloads are behind a login. There are hints Oracle may have updated Java 7 for paying enterprise customers. On Wednesday March 23rd at 12 noon Pacific Time, Java SE 8u77 released, which contains a vulnerability fix.
+++ This bug was initially created as a clone of Bug #1259177 +++