Java Runtime Environment in Mac OSX has vulnerabilities that Sun has released updates to. Apple will have to provide an update via Software Update for general users shortly, see references from a complete list from the Sun Solve site. The issues include privilege escalation, failure to check signatures, buffer overflows, parsing of Zip allowing reading of arbitrary memory and code from local system accessing the local host. The current test below will result in a bootstrap failure.
At this time users should disable Java, if however it is needed then only trusted sites' .class and JAR files should be run.
<<Note: Test site below is a link to test CVE-2008-5353, it will cause your system to crash. Currently Virus Barrier is detecting this security hole. It is not a live link, you are responsible, you have to cut and paste the link.>>
http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html
drStrangeP0rk
Marc Schoenefeld has posted information on how to install a non-OSX java distribution and a link to a site with the exploit. Currently Virus Barrier detects and will put the virus into quarantine. You should of course delete the class files which all have the Java/Evasion.A virus.
http://www.illegalaccess.org/
drStrangeP0rk
Apple has released updates to the Java Platform released by Apple. Make sure to select update from Software Update to install these updates, they are critical. When installing the update make sure no applications that use Java are running before installing. This fixes many of the issues including preventing Java applets/applications from running and gaining elevated privileges.
http://support.apple.com/kb/HT3633
http://support.apple.com/kb/HT3632