Ars reports on a pretty darn scary exploit that has the potential to write to EFI firmware. More serious than that, the exploit can be installed from userland, meaning there is no need to mess around with escalation-of-privilege. This exploit has been shown to work on all Macs older than the most recent models and requires a wake-from-sleep event to expose the vulnerability. I am not clear on whether it will be possible for Apple to issue some kind of software or firmware fix for this issue, but it sure does not look like a situation that inspires confidence in the brand. Obviously, firmware meddling survive the old "nuke-and-pave" and escapes the notice of most security inspection software, so this could be a really big problem.