Gee, what were those AIX and Solaris admins thinking when they gave all us users shell accounts? Come to think of it, they never did get hacked through the shell, so maybe it's a problem unique to OS X.
(1) How do you know they never got hacked?
(2) Were they giving shell access to skilled hackers?
(3) Were they telling the hjackers from 2 it was ok to hack the box?
I'd like to know a lot more about the conditions of the test. If the guy was dumb enough to allow random users shell access, (I'm assuming through SSH, though there is no way to know it - it could have been telnet!), it would be nice to know if he did anything at all to secure the box. If he was running an http server, did he allow user mods of cgi directories?
Frankly there is is not nearly enough information in the article to tell if this was anywhere close to a valid test.
Solaris really is immune to privilege elevation exploits. Oops, found one.
And don't forget AIX.