Another month and another shock virus claim...
Symantec list this as a very low risk, it's been around for months. it does require a level of social engineering, you choose to download it and then choose to ignore a system warning about it being downloaded, and then if you give it the users password it installs. Most macs have the root account disabled and essentially rely on sudo. The latest release, as mentioned, does not require the password to do a limited install. which presumably means you'll be warned whenever it tries to install it's downloaded payload.
Hopefully Oracle will roll the osx release into their main release cycle soon, Java has been depracated on osx since 2010 and has been in the process of being redacted into the main release ever since.
Macs, like Linux, aren't virus immune. But both are a harder target.