Free Republic

To: Senator Bedfellow
I'm sorry, but that's not even remotely true - you can smash the stack on OS X with a buffer overflow, just as you can on just about any other OS.

That is true, you can smash the stack... but can the overflow contain code that will execute from the stack?

According to the Apple Developer Connection:

Code on the Stack: Disabling Execution
Intel (Core) processors include a bit that prevents code from being executed on the stack. On Intel-based Macintosh computers, this bit is always set to On.

And from another source:

A note on the NX bit:
This is actually a property of the page table, a bit that can be set on any page table entry to permit or deny code execution on that page. Mac OS X is setting this bit for all stack pages.

The Mach VM system allows the system to assign default and maximum protection levels to each range of memory addresses in use. Programs may alter the default access (read, write, and execute) but may not exceed the maximum rights associated with an address range. Stack address ranges are set to deny execute permission as part of the maximum allowed rights, and this cannot be altered by programs.

The point is that on OS X, it is not as easy to get arbitrary code to execute merely by overflowing a buffer into the stack. If execute rights are denied at the system level for the memory locations of the stack, how can it execute?

13 posted on 06/20/2006 11:24:00 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")


To: Swordmaker
It's rather interesting to be told it can't possibly be done, when I started by linking to a description of a real vulnerability that would actually accomplish what you are insisting is impossible. ;)

In any case, NX is a hardware function, not a feature of the operating system. Windows systems on processors that support NX enjoy exactly the same protection. In addition, it's hardly a universal fix for buffer overflows. All NX does is prevent stack pages from being executed - it does not prevent the stack-smasher from pointing to another location in memory and executing code located there. And it can't.

14 posted on 06/21/2006 5:05:20 AM PDT by Senator Bedfellow (If you're not sure, it was probably sarcasm.)
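
Both posts above treat execute permission as a per-page attribute (the quoted NX note in post 13, and the remark in post 14 that NX covers stack pages only). As an added example that is not part of either post, this C program audits that attribute for a running process: it reads the permission column of each mapping and reports whether the stack mapping is executable. It assumes a Linux system with /proc/self/maps, which goes beyond the thread's OS X case; the names parse_maps_line and stack_is_executable are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Permissions of one memory mapping. */
struct map_perm { int is_stack; int readable; int writable; int executable; };

/* Parse one /proc/<pid>/maps line, e.g. (constructed sample)
 * "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0   [stack]".
 * Returns 0 on success, -1 if the line is malformed. */
int parse_maps_line(const char *line, struct map_perm *out)
{
    unsigned long start, end;
    char perms[5];

    if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) != 3)
        return -1;
    if (strlen(perms) != 4 || end <= start)
        return -1;
    out->readable   = perms[0] == 'r';
    out->writable   = perms[1] == 'w';
    out->executable = perms[2] == 'x';
    out->is_stack   = strstr(line, "[stack]") != NULL;
    return 0;
}

/* Scan a maps file: 1 if the stack mapping is executable, 0 if it is not,
 * -1 if no [stack] line was found or the file could not be read. */
int stack_is_executable(const char *path)
{
    char line[512];
    struct map_perm p;
    int result = -1;
    FILE *f = fopen(path, "r");

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f))
        if (parse_maps_line(line, &p) == 0 && p.is_stack)
            result = p.executable;
    fclose(f);
    return result;
}

int main(void)
{
    int r = stack_is_executable("/proc/self/maps");
    printf("stack executable: %s\n", r < 0 ? "unknown" : r ? "YES" : "no");
    return 0;
}
```
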



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson