Ok, so this has to change:
The vulnerability in Java that Flashback exploits was patched in February by Oracle. But Apple waited nearly two months to update OS X with that patched version.
This is the single biggest security issue for Macs. OS X includes a number of software components from third-party vendors and the Open Source software community, and Apple has a terrible track record in updating those components. When a vulnerability becomes publicly known because it’s been patched on another platform, but it isn’t patched on another, the bad guys have a straight-line roadmap to compromising that unpatched system.
It’s a fair, well-written article about the virus. Worth reading.