The same winner from last year used a vulnerability to break into the OS by creating a "malicious" link. This still requires the user to click the link, of course. Some would argue that this is still not a generally usable means of attack. But it still means Apple has work to be done.
And I would assume that, even if this means was used to "gain control," that the control will still be limited by the priveledges of the user already logged in. Another reason to
not allow automatic log in or run as Administrater in a less than firewalled and secure area.
Expect to see more about this 'exploit' in the next few days.
