We’ll put this one in the maybe basket for now seem there’s been no actual proof. A guy by the alias InfoSec Sellout has found an exploit in OS X. Reportedly he has trialed the exploit on a closed network of 1500 machines and successfully infected used a worm to prove his theory.
Unfortunately he’s not going 2 let Apple in on the exact details on the vulnerability until he’s been rewarded.
More @ http://www.engadget.com/2007/07/18/new-os-x-vulnerability-found-worm-released-in-lab/