Cite or retract. I'm pretty sure it *has* been fixed in Safari and certainly the fix went into WebKit very quickly.
The knowledge base article was describing fixes in QuickTime 7.5. Are you sure this stuff hasn't already been fixed?
Sure, a lot of it has. There are others that have not. However, before it's fixed it's a vulnerability. There are other vulnerabilities still outstanding, such as the ARD "automatic root for anyone that wants it" vulnerability.
Code:
osascript -e 'tell application "ARDAgent" to do shell script "whoami"'
You've got root!
Noting these vulnerabilities (again you can search CERT for many, many more both patched and unpatched) led into the rest of my post. As with Windows, the #1 reason for a system being compromised is a combination of ignorant users, not being patched, and yet-to-be-fixed vulnerabilities.
To expand on this, OS X has a very similar weakness to Windows. You're tied to the Apple development cycle in large part. Say BIND comes out with a remote exploit vulnerability. The BIND developers release a patch immediately. As such, RPMs for Enterprise Redhat, debs for Debian, etc. hit the repositories within 24 hours. An Apple admin is faced with a more difficult decision. He can patch immediately, but this might break compatibility with Apple as they often customize software so it is not quite "standard". Further, the next patch could overwrite your changes if you try to match compatibility by installing into the same system directories. If you divorce yourself from the Apple release, such as rolling your own and installing into /usr/local, you'll begin wondering why you don't just use an open source solution that has a better reaction time.
I'm not digging Apple for this; it's a consequence of the "tightly integrated, easy management" they provide. It's the same consequence we see in Windows servers to a degree.
I'm just saying, it's easy to point fingers and degrade the #1 target in the industry... we'll just have to wait and see how Apple fields the ball when and if it's ever their turn.