AppleScript Exploit
Yesterday, a story on Slashdot pointed out a vulnerability in ARDAgent (AppleScript) that allows a non-root user to execute code as root. Naturally, a trojan based on this flaw has already been released.
Without attempting to downplay the severity of this security hole, it’s worth pointing out that this is a trojan-style exploit, meaning the user is required to execute malicious code on his or her computer. People like to point and laugh whenever bad news arrives on the OS X security front, but these things happen, and a little bit of common sense goes a very long way towards protecting your privacy and data.
That said, Apple would be smart to fix this immediately.