If you haven’t already made the leap to Java 5.0, you’ll want to at least update the version you’re using. The just-released versions 1.4.2_06 and 1.3.1_13 plug a security hole in the Java Plug-In for Windows, Linux, and Solaris, whereby a malicious applet may gain access to your local file system and do evil things. Java 5.0 is not affected.
The official vulnerability report from Sun contains a pointer to a more technical explanation of the vulnerability.
Hopefully Sun will put the update on Java.com and the automatic Java Update system soon. They seem to be dragging their heels a little, perhaps as a “soft launch” to ensure the update doesn’t produce any serious side effects.