
I think the recent Flashback.K qualifies to some degree. All you had to do is visit an infected webpage and the Java applet would walk onto your system. It would immediately ask for admin privileges, but due to the huge Java hole it would have your user privs automatically.

Since OSX enabled Java by default, and since responsible practices were no defense, this compromised enough Macs that it was proportionally comparable to the Conficker infection on Windows.

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...

http://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback



And then Apple disabled Java, and Apple no longer ships Java. Java has been a huge security vulnerability for a while now...


It's still useful to have though, and Apple makes it really easy to install. GlimmerBlocker, Maple, Processing and a few game clients I use need it. It does seem that the default is that "Enable applet plug-in and Web Start applications" is off by default (in the Java Preferences app; there's no mention in System Preferences).


In general, however, if you know you need Java and how to install Java as a dependency then in all likelihood you're savvy enough to avoid being infected.


Apple still ships Java; it's just not installed by default. When you run a Java app without having Java installed, you get a prompt to automatically download and install Java.



