Turn Off Java — Flashback Trojan Risk
MacRumors has an unsubstantiated report of infected Macs from the Flashback Trojan, another reason to refuse to run Adobe Flash, and validating Jobs’ brilliant decision to discontinue including it in Mac OS X a few years back, a decision that drew ugly denial-of-reality attacks from Adobe.
This latest security risk is not caused by Flash itself; the Flashback Trojan masquerades as a Flash Player installer.
Be sure to run Apple system software update, which closes the vulnerability. Apple failed to update Mac OS X Java when the vulnerability surfaced in February.
The fundamental problem is the constant security issues with Flash which thus require constant updates, lulling users into clicking any button having to do with “updating your flash player”. Flash is a pox on the internet.
Disable java
Few sites need Java. Disabling Java in the web browser has always been a good idea.
Do not confuse the confusingly named Java and Javascript. Many sites require Javascript to run properly.
See also Setting up Your Mac for Better Security.