One usually has to go to MSDNC to see this kind of quality reporting. Long on opinion, short on facts. Fact - many systems were beaten. Which took the longest - can’t really tell. Which leave users most vulnerable - again, can’t really tell. If nothing else, I hope the authors ax is now sharp...
I read that Mac OS X with Safari was the first to be beaten (at least of the computer type systems...iPhone may have been actually the first though).
Yup. What I'd be most interested in learning is if any of the attacks elevated the attacker's privs to allow them to actually install software or (silently) make changes to the existing configuration. If it's just an overflow that crashes a browser, that's one thing. If it allws for the installation of a trojan, that's completely different. These are the types of details that would make the article actually informative, rather than just a pithy opinion piece.
Regarding it time involved for the hack, in this type of scenerio, it is really meaningless as these people come with prepared scripts and/or websites to exploit previously discovered defects. OTOH, if it takes someone 10 minutes from the start of the attack to the successful exploit, that would generally indicate the attack is impractical from an autmataed attacker's perspective.