[for-q-clinton]

Apple did indeed close this supposed "vulnerability" forever by instituting validation routines to assure the user was actually connected to the Apple Server and that the System Update Routines on the computer to be updated had not been modified.

Wait if it wasn't a real threat why did they fix it? You can't have it both ways.

[Swordmaker]

Wait if it wasn't a real threat why did they fix it? You can't have it both ways.

Can't you read? Do you not understand basic English?

Russell Harding pointed out that there was a possibility that it COULD be done... not that it was being done or had been done... so Apple made it so it couldn't be done.

Was it a threat? Only in the sense that any thing not thought of could be a potential threat in the future. Was it a vulnerability? Yes, if you don't trust the Administrator level users on your own Mac... but then if they have physical access and administrator permissions on your Mac they can do ANYTHING including activate Root if you haven't already locked it out with your own secret password. Was it ever exploited? NO.

It would NOT have been a threat to 99.9999% of Mac users.