Computerworld reports that security researchers from CoreLabs have publicly released details on a critical security flaw in Mac OS X 10.5 Leopard, an older version of the Mac's operating system. Curiously, the security flaw in Leopard is quite similar to a flaw we reported on back in August, which allowed easy-as-pie browser-based jailbreaking of iOS devices.
CoreLabs became aware of the flaw in Leopard and informed Apple only a couple weeks after Apple patched a similar hole in iOS 4; according to those same researchers, Apple has had more than enough time since then to patch the flaw in Leopard. That the flaw remains unpatched was the researchers' motivation for sounding the alarm publicly.
The current version of Mac OS X, 10.6 Snow Leopard, is not vulnerable to this exploit. Those using Mac OS X 10.5 Leopard will remain vulnerable until Apple offers a security update for the older OS, which theoretically should be coming soon (reportedly, Apple has developed a patch and is simply waiting to release it). As it stands now, Mac OS X Leopard's vulnerability could potentially leave the OS vulnerable to malware or remote attacks. More specific information is available on CoreLabs' website.