By using vulnerable version of Java on MacOS, the flashback Trojan installs itself without user intervention. "There is no more installer, no request for a password."
There is a patch for the Macintosh version of Java available.
We continue to suggest using anti-virus on MacOS X. Also, make sure to keep 3rd party applications up to date.