See About the Flashback malware. (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)
As to what it does, there's no real documentation on that. There are a few scattered reports here and there, like that it will redirect search results in your browser to malicious sites, but it was basically capable of anything. It injected code into your web browser at a minimum, and could have snooped on anything that you did with your browser. So you'd be wise to keep an eye on your finances, change any financial site passwords, cancel any credit cards the instant any suspicious charges appear, etc. You may want to pay for something like LifeLock to keep an eye on your credit rating and help you fix any problems that appear. That could be overkill, or it could save you from long-lasting financial consequences.
> Gimme some answers, Apple.
You do realize that Apple doesn't live here, right? They might drop by unofficially to browse in their spare time, but rarely comment and never openly or officially.
Safarii crashes and occassionally redirects to ad sites are about the only thing users are reporting today and some noticed nothing at all. There were many crashes in the early days, but it would seem they've worked out most of the bugs.
Intego wrote the only analytic report I have found that alleges capture and reporting of username/password pairs. They even figured out that reporting goes out over Twitter. But so far there has only been one report, that I've heard about, of fraudulent credit card activity around the time of infection. Maybe they just haven't gotten ariund to the exploitation phase yet.
As was mentioned, this malware has a backdoor, so could be configured to do most anything.