SANS Internet Storm Center, InfoCON: green is reporting “Mac OS X Apple UDIF Disk Image Kernel Memory Corruption, (Wed, Nov 22nd). A vulnerability has been reported in the way OS X handles corrupt DMG images…(more)”
Apple did pretty well with their proprietary apps on top of OS X, but one real bozo bit flipped was have the option to open 'safe' files enabled by default in Safari. That ASSuMEs that 'safe' files can't have a flaw that leads to… well, exactly what this exploit does. Remember, never open an untrusted attachment, whether on a web page or an email. And there are no trustworthy attachments. Test, confirm, verify, then install or run. If using Safari, turn off 'safe' files, because they are not.