FireEye offered the following details in regards to the latest Java failure:
Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.
Upon successful exploitation, it will download a McRAT executable from same server hosting the JAR file and then execute it.
Just Another Vulnerability Announced.