[Swordmaker]

"The technique -- dubbed "Machiavelli" -- exploits a vulnerability in the Mac OS X kernel, the heart of the machine's operating system. It only works on machines that have already been victimized, such as ones attacked with the pirated software. It can take control of Apple's Safari browser, logging passwords to financial accounts and data on bank statements, Dai Zovi said."

In other words, the target Mac has to have been previously compromised and ROOT turned on before this vulnerability is actually exploitable. That is a rare bird, er, Mac, indeed. Since they are talking about a previous compromise that means a trojan... and the user would have to install it.

[proxy_user]

Sure, I always su to root whenever some hacker emails me a Mac executable.

[Richard Kimball]

Attacks on Apple computers are extremely rare, but security experts say that will change as Macs gain market share on PCs running Microsoft Corp's (MSFT.O) Windows operating system

How many times have I read this?

If I'm reading this correctly, the exploit has to already be installed? I thought the point of security was to keep the exploit from being installed. You can deliberately install programs that will do anything to your computer.