The user would have to give an admin name and password to have it install to affect any system level operations. Even at the user level, the this article uses FUD phrasing by stating "more global" in its description of what the malware could do, if the user installed it in the user's home directory. Exactly what does "more global" mean, for-q-clinton, in reference to what could be done with a system wide installation? NOT much! In fact, very little... the user would still have to have installed the Java runtime applet to even BE vulnerable to this exploit. Do you have any idea what a small fraction of OSX users that is?
I again repeat, this is an ALREADY closed vulnerability, for the past TWO YEARS, affecting a small fraction of OSX users of older OSX Macs, and in addition, Apple has pushed out a patch fixing even THAT vulnerability within a short time of the announcement of its being found. The system now identifies it and prevents its download and/or installation. You are beating a dead horse.
Iso the question begs (though I am pretty sure of the answer)- if no password is provided, this malware can it cannot install anyway?
Or more directly- if your software is up to date, this applet won’t even try to install?