An FYI, via The Telegraph:
It tries to take covert control of Macs using three methods. Two exploit vulnerabilities in Java, a software language commonly used by websites to deliver interactive elements, and require no intervention from the user to succeed.
If Java is not installed or all its security patches are up-to-date, however, the new variant, Flashback.G, attempts to trick users into installing it by presenting a fake security certificate that looks like it comes from Apple, according to Intego, a computer security firm...How does one ensure that one has the latest update of Java? Is this update from Apple's support site sufficient? (It doesn't specify any modifications of Java.)
Mac users running previous versions of OS X, such as Snow Leopard, are most at risk, because Java was included as part of the installation package... "It is therefore essential that anyone running OS X 10.6 update Java immediately," Intego said. Users running the latest version of OS X, Lion, may have installed Java themselves, however, and so should also ensure it fully updated.