I, for one, would hope that AV vendors are those most involved in research and investigation into virus threats, and thus are among the first to discover and publicize them.
In this instance, little research was needed, as this exploit is not Apple-specific but actually exploits a bug in Java. Apple subsequently rolled out a Java patch on the 2nd of April.
However, yes, worth keeping an eye on the vendors' blogs. The F-Secure blog, for example, is quite a good one. Well-respected AV vendor and the blog is fairly independent in its writing style.