Free Republic
News/Activism

To: MrsEmmaPeel
Yes, MrsEmma, please enlighten us.
85 posted on 08/11/2003 5:50:34 PM PDT by jbstrick (Behold the Power of CHEESE!)


To: jbstrick; Salo; ThinkDifferent
Here are some things to take a look at. Remember, Apple is only at 3% market share, so when there is a security problem, it gets very little coverage. Here's a story (dated May 5, 2003) about a security flaw that was "caught" (when-- what damage was done before it was "caught"-- the article doesn't say. But if this were true in the MS world, there would be no end to the coverage): http://www.macnn.com/news/19343

Wired News reports that Apple fixed a security flaw at its online store late last week that could have enabled attackers to hijack customers' accounts and place fraudulent orders: "The flaw, discovered by an anonymous Canadian security researcher who uses the nickname "Null," potentially allowed malicious users to change Apple Store customers' passwords and gain control of the victims' account data."

Look at the comments when Apple releases a security update: http://www.versiontracker.com/dyn/moreinfo/macosx/15934&page=16

What you need to bear in mind: all CERT advisories for UNIX (BSD) need to be considered for Apple OS X. Apple repeatedly will answer: "Does Not apply". Then 6 months or so will go by, before Apple will quietly release an "update" that will address the security issue they've previously claimed "does not apply". That’s how Jaguar came out. Also, Apple, even though they technically "don't support" OS 9, still has OS 9 elements in Mac OS X and therefore there are ways to break into a system that way too.

The particular flaw discussed in http://www.pcw.vnunet.com/News/1133364 was in OS X since the beginning and finally addressed by Apple about a year later. (Could Microsoft get away with ignoring an open security flaw for a year?) I’ve had personal experience with Apple ignoring flaws in the TCP/IP layer for more than a year – the OS was mis-negotiating the packet size.

It is possible to hijack an Apple system (it's just UNIX underneath). And if Mac users are conditioned not to administer their system, and get sloppy, and Apple denies that there is anything wrong, when great flaws were there, then Apple will stay at 3% or less of the market.

No system is perfect. Windows is a big target. And the biggest problem with Windows is not so much the weird ways people can figure out malicious attacks against the systems, but the sloppy administration habits of Windows Administrators. A fix was available for the Code Red worm, for example, very early when the vulnerability was found, but not enough people applied the update that was available for them. I guess I’d rather be with a company that makes updates available than with one that denies there is a problem. Macs have their uses, but not for serious administration given the current attitude of the Apple management.

191 posted on 08/12/2003 4:50:09 AM PDT by MrsEmmaPeel
