Apple releases Java for OS X 2012-003 to address Flashback malware.
From Apple Support:
This Java security update removes the most common variants of the Flashback malware.
This update also configures the Java web plug-in to disable the automatic execution of Java applets. Users may re-enable automatic execution of Java applets using the Java Preferences application. If the Java web plug-in detects that no applets have been run for an extended period of time it will again disable Java applets.
Available for OS X Lion and Mac OS X Snow Leopard (Java for Mac OS X 10.6 Update 8).
It is recommended to disable Java in Safari. Go to Safari Preferences > Security > uncheck “Enable Java”
Apple no longer includes Java runtime with OS X Lion. If you never had any programs that required Java, OS X Lion will not prompt you to download and install the Java update.