TidBITS:

The disclosure this week of a major bug in a common Unix tool set of an earthquake in the security community. Not only was nearly every version of Unix vulnerable, including Linux and OS X, but most of the initial patches are not completely effective at blocking the hole. It’s a near-worst-case scenario where we have a piece of software on nearly every non-Windows server on the Internet — and plenty of personal computers (thanks to Apple’s market growth) — that is vulnerable to multiple kinds of remote attacks, all capable of completely taking over the system, with no way to completely stop it.

Despite the severity, a combination of Apple’s design decisions and how we use Macs dramatically reduces the risk, but you still need to be careful and ready to patch.

While we got a statement from Apple earlier today, I always feel better when Rich Mogull weighs in on any matters Mac security related.