It promised earlier this week that a fix was coming, and Apple has now delivered a Java security update that is says removes "the most common variants of the Flashback malware." That update also reconfigures the Java web plug-in to disable the automatic execution of Java applets by default (in Lion, at least -- those still on Snow Leopard are advised to do that themselves), although folks can re-enable that functionality if they choose. As usual, OS X users can download the update through the Software Update application.