The CVE-2016-0636 vulnerability affects Java SE running in web browsers on desktops, this means that an attacker could set up a malicious web page to remotely take over a vulnerable PC. The new vulnerability may be remotely exploitable without authentication. See original message Oracle recommends to upgrade Java environment as soon as possible.