"It allows execution of attacker-supplied code without user interaction (apart from viewing a Web page) which usually means a "critical" classification." - Pynonnen.
A problem on the PC is certainly confirmed (Linux and Windows), but the jury is still out as to whether the Apple is similarly affected, given that Java is a cross platform language. Java was patched last month by Sun Microsystems, but details of the flaw were not made public until today. According to the Pynonnen, the flaw can be used to create exploits which can do anything the victim normally could, including browse, modify or run files, upload more programs to the victim's system.