"In this case, the cybercriminals used the Eleonore Exploit Kit 1.4.1, which M86 Security Labs experts researched a year ago and continue to update regularly."Eleonore Exploit Kit takes advantage of several vulnerabilities that have remained unpatched in Internet Explorer, Adobe Reader, and Java. But it starts with the vulnerability in IE. It DOES require the user to download and execute the file to be infected, though, so it is a TROJAN.
Exactly why I think this attack would work on OS X. It requires a browser vuln and social engineering.
Both Safari and Mozilla have vulnerabilities that could be exploited. The exploit depends more on Javascript than anything else, and that’s why (once again) I tell people that Javascript is a huge security issue, only slightly less than ActiveX.