Does this malware require you to give permission for it to be installed, or does it install without that due to the flaw in Java? Apple released an update to Java which closed a security flaw, so my presumption was that it was using that flaw to install itself. Not true?
From what I've read your right it installs on it's own, it does ask for a password after it is already installed though I don't know why it does that maybe it has a function that needs it.
Certainly opens the doors for malware that doesn't need a password in the future if that isn't already in the wild.
I don't mean to sound bitter, cold, or cruel, but I am, so that's how it comes out