It’s definitely not fluff. Our faculty member who is the security guy and I were talking about the threat this morning. I’ve been seeing bits and pieces for a while in the various online software blogs. Unfortunately, I’m teaching an intro Java course right now and I can’t disable it and still work. I’m also teaching a DB course that uses Oracle. This is nothing new, these little bugs have been around for a number of years, they’re just getting more serious of late.
As you suggest, exploits have been around a long time. In the past, the security firms send out an alert, a patch is made, (essentially an upgrade to the program) and the cat ‘n mouse game goes on.
We don’t see a lot of alerts telling end consumers to not use the feature (Java in this case). That said an upgrade (patch) will be out soon, (a few days?) and life will go on.