This article at SANS Internet Storm Center warns that
…a serious vulnerability has been found in Apple Safari on OS X. “In its default configuration shell commands are execute[d] simply by visting a web site – no user interaction required.” This could be really bad. Attackers can run shell scripts on your computer remotely just by visiting a malicious website.
You’ve been warned. Be careful out there.
PSA’d at Conservative Cat
Yep, and this is just after the first two viruses were discovered on OS X (even though one was never found “in the wild”).