Apple seems to be having a really tough time admitting that malware can gain access to their OS X platform, regardless of whether it is directly via the OS or not. Apple has gone to some lengths to point out that its a Java exploit - but a Java version provided by Apple, not Oracle. Apple just announced they are working on a tool to remove malware served up by the Flashback exploit, and they have also released a couple of updated Java versions to mitigate the risk - although if you are running OS X 10.5 or earlier, apparently you are s.o.l. for now - they recommend that you "disable Java" in your web browser to "better protect" yourself. Not really an on-the-ball or comprehensive response IMHO, as the Windows version of this was addressed in February.
Just man up Apple; you have a cool OS and everything, but it's not completely cootie-resistant.