I'm sorry, but that's not even remotely true - you can smash the stack on OS X with a buffer overflow, just as you can on just about any other OS. Here's one example of same:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=239
Any OS written in any language that doesn't automate bounds checking at compile time or runtime, such as C/C++, is potentially vulnerable to this sort of thing. And that includes OS X - the only thing you can do is patch 'em as you find 'em, or rewrite the thing from the ground up in a language that is a bit more sensible about such things.
Should be "bounds checking at compile time or toss an exception at runtime"...
That is true, you can smash the stack... but can the overflow contain code that will execute from the stack?
According to the Apple Developer Connection:
Code on the Stack: Disabling Execution
Intel (Core) processors include a bit that prevents code from being executed on the stack. On Intel-based Macintosh computers, this bit is always set to On.
And from another source:
A note on the NX bit:
This is actually a property of the page table, a bit that can be set on any page table entry to permit or deny code execution on that page. Mac OS X is setting this bit for all stack pages. The Mach VM system allows the system to assign default and maximum protection levels to each range of memory addresses in use. Programs may alter the default access (read, write, and execute) but may not exceed the maximum rights associated with an address range. Stack address ranges are set to deny execute permission as part of the maximum allowed rights, and this cannot be altered by programs.
The point is that on OS X, it is not as easy to get arbitrary code to execute merely by overflowing a buffer into the stack. If execute rights are denied at the system level for the memory locations of the stack, how can it execute?
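The maximum-protection behaviour quoted above can be checked on any given machine. The following is an added example, not code from either poster or from Apple. It asks the kernel, through the POSIX mprotect() call, to add execute permission to one of the process's own stack pages and reports whether the request is granted. The names page_base and stack_exec_grantable are made up for this example, and it assumes a refusal shows up as mprotect() failing with an errno.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round an address down to the start of the page that contains it. */
static void *page_base(const void *p, long page_size) {
    return (void *)((uintptr_t)p & ~((uintptr_t)page_size - 1));
}

/*
 * Request read+write+execute on the page holding a local (stack) variable.
 * Returns 1 if the kernel grants it, 0 if it refuses; *err receives errno
 * on refusal and 0 otherwise. Nothing is ever executed from the stack.
 */
int stack_exec_grantable(int *err) {
    char probe = 0;                       /* lives on the current stack */
    long ps = sysconf(_SC_PAGESIZE);
    void *page = page_base(&probe, ps);

    *err = 0;
    if (mprotect(page, (size_t)ps, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        *err = errno;                     /* e.g. EACCES when max rights forbid it */
        return 0;
    }
    /* Granted: put the page back to non-executable right away. */
    mprotect(page, (size_t)ps, PROT_READ | PROT_WRITE);
    return 1;
}

int main(void) {
    int err;
    if (stack_exec_grantable(&err))
        puts("stack page CAN be made executable by the program itself");
    else
        printf("execute permission on stack refused: %s\n", strerror(err));
    return 0;
}
```

A refusal is consistent with stack ranges having execute removed from their maximum rights. A grant means non-executable is only the default on that system, and a program can change it for itself.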