A new Mac OS X Trojan referred to as OSX/Crisis silently infects OS X 10.6 Snow Leopard and OS X 10.7 Lion. It then spies on the user by monitoring Adium, Firefox, Microsoft Messenger, Safari, and Skype.
The threat installs itself silently (no user interaction required) and does not need your user password to infect your Mac. It exploits Java vulnerabilities, but since OS X 10.7 Lion doesn’t include Java by default, this is suggesting there are other ways for this malware to infect your Mac. Newly released Mac OS X 10.8 Mountain Lion doesn’t seem to be affected by the OSX/Crisis.
The malware allows the person operating it to:
As this is a very advanced threat and since it hasn’t been seen in the wild yet, you’re unlikely to get infected by it. Still, if your work on Apple Mac is critical or you have classified information stored on it, it is very important that your security updates are always up to date and that you’re using an updated antivirus program.
Microsoft also suggests doing something about your Java as Java-based malware sees no end. So regardless of whether you’re using Mac or Windows-based computers, this is what Microsoft asks you to do with Java: "Update it, disable it, or kill it."