But then it's not a JavaScript "exploit", it's just JavaScript doing a run-of-the-mill call, it's still a problem with Java and not Javascript.
Saying that a Javascript exploit was used still doesn't cut it to me - but this is Apple and a HTML exploit was used for Macdefender malware right? So I guess anything is possible.
Just take note, my Apple computer now requires a password for absolutely anything, it's like windows was back in 2002. My Windows 8 computer now is basically password free. I think Apple is in the security defensive mode that Windows was in a long time ago, Windows has (maybe?) got security relatively down pat and doesn't require authentication multiple times just to move a file but Apple is doing anything to prevent it's flaws being exploited, that's my assessment of the security situation.
Update: Macdefender did use Javascript (but IIRC required the user to input admin password so it was "social engineering" rather than a flaw in Javascript). The updated version of MacDefender called MacGuard simply used the "download safe files" option in Safari to automatically download a file that elevated itself to Admin and installed the malware... hmmm
Links:
http://www.pcworld.com/article/226846/fake_macdefender_brings_malware_to_macs.html
http://www.pcworld.com/article/228956/macdefender_malware_morphs_to_more_dangerous_variant.html