The malware, first discovered several months ago, is thought to have hit up to 600,000 machines leaving them at risk of being used as a 'botnet' by the creators of the rogue software.
Apple has now confirmed that it is working on a tool to detect and remove the virus, but Kaspersky Lab's chief security expert Alexander Gostev called the company to task over its response time.
"The three month delay in sending a security update was a bad decision on Apple's part," he said.
Flashback Trojan's creators were able to exploit a flaw in Java coding to enable the rogue software to install itself on computers without permission. Java developers Oracle were able to issue a patch for PC users as soon as the issue emerged, though this was not the case for Mac.
"Apple doesn't allow Oracle to patch Java for Mac. They do it themselves, usually several months later," Gostev added.
"This means the window of exposure for Mac users is much longer than PC users. This is especially bad news since Apple's standard anti-virus update is a rudimentary affair which only adds new signatures when a threat is deemed large enough.
"Apple knew about this Java vulnerability for three months, and yet neglected to push through an update in all that time."
Kaspersky Lab has provided a web resource for users to check if their machine has been infected. F-Secure previously issued instructions to help Mac owners manually remove the virus.
Apple advises anyone with a Mac running Mac OS X v10.5 or earlier that they can better protect their machine from malware by disabling Java in their web browser preferences.