A user may control, via the Java Control Panel, the level of security that will be used when running unsigned (also called "untrusted" or "sandboxed") Java apps in a browser. The user may select from five levels of security. See the "Setting the Security Level of the Java Client" documentation to see what the settings do and how users can tighten security. You can also read Henrik Stahl's blog Oracle JDK 7u10 Released with New Security Features.
Because this is an out-of schedule release remediating security vulnerabilities, going forward Oracle will increment the release number for all subsequent Java 7 releases by two numbers in order to continue having CPUs as odd numbers and limited updates as even numbers. For example, the next Java CPU release, scheduled for Feb 19, 2013, the JDK 7 release version will be renamed to Java SE 7u13.