0 day for safari browser (macintosh)
Seems there is a 0 day (no patch) exploitable attackcode for the Macintosh Safari browser floating around and maybe being used. Someone at a hackers-security conference won an Apple notebook with it. As it took only a few hours after the posting of the contest, one may imagine that this one was already available. Rumors in the underground about 0days for macintosh have been mentioned before.
You can get compromised (with all the patches installed) if you visit sites that host the code. This may be the case with hacked-compromised sites and with sites like these that say they give you free films, software, porn , passwords and so on.
The privilege is that one of the user. So if you surf under simple user the other guy may have less rights (maybe not to install things).
Apple really needs to start thinking about communicating about security to its users. It is not because the car is safer that the road is safe and if I say that the internet is Bagdad, than the security of your car is of little value.