Infoworld has a summary article about the growth in the risk of malware to OS X users:
The Mac's vulnerabilities
In some cases, attackers will seek to exploit vulnerabilities such as currently unpatched flaws in Apple's QuickTime multimedia player application. In other cases, malware writers will use threats based more on social engineering, such as with the MacSweeper rogue cleanup tool that appeared during Macworld Expo, the researcher said.
MacSweeper serves as evidence that developers -- both credible and not -- have already begin to turn more of their attention to Apple platforms, anticipating Mac users' security fears, Marcus said. Although MacSweeper is pitched by its creators as a utility for cleaning malware programs and other unwanted software off of Mac OS computers, it has proven to do almost nothing of the sort, despite its $40 asking price.
David Maynor, chief technology officer of research and consulting firm Errata Security, said that one area where attackers may seek to assail the Mac OS is via flaws found in some of the older open source libraries of software code used in the platform.
Apple also typically lags in patching issues found in those code libraries, such as with the Samba networking protocol used in the company's Mac OS X.
Even when the Samba open source community has created a fix for a known security issue, it often takes Apple three to four months to introduce a related patch for its products, giving any attackers looking to subvert Mac systems a lengthy window of opportunity to do so, Maynor maintained.
"If someone has a list of these open source security issues in the projects included in Mac OS, they could use that against OS X users," said Maynor. "Samba is a perfect example, as there is generally a large window there."
http://www.infoworld.com/archives/emailPri...-attacks_1.html
