For the attack to work, users must be logged in as an administrator.
Which is exactly why you only log in to root for very special and limited circumstances...
A researcher has demonstrated how a security bug in Apple's QuickTime media player that was disclosed a year ago can cause Firefox to install backdoors and other malware on a fully patched computer. He said both Windows and Mac systems are vulnerable. The researcher, Petko D. Petkov, on Wednesday posted proof-of-concept code …
I have made in the past, I'm really not in the Windows, Open Source, or *nix camp. I just want tools that make business as easy as possible.
However, I do have to say early predictions about market dominance and (in)security are proving themselves true. As more people adopt non-Windows products, more bad guys are going to target them. Hacking anything but MS has traditionally been a waste of time, but as other products start to acquire market share they become viable targets.
IT security for the masses is a joke. Considering that people have been trying for thousands of years to secure physical assets, and still fail, it'll be a really, really, long time before it's "absolutely safe" to be online.
Any Windows users stupid enough to be using QuickTime as their primary media player deserve everything they get.
QuickTime doesn't even pretend to try and integrate into Windows properly. It gives a nice Mac user interface using Mac interface conventions, which is infuriating if you are not using a Mac because they are completely different to all other applications.
The "if more people used Linux/Unix there would be more exploits for it" argument is bogus. It's a variant of the "security through obscurity" argument, and is possibly a result of a too narrow-sighted view of IT as a whole.
The vast majority of Internet servers run Unix, yet Windows boxes remain the softest targets. Not because Unix machines can't be cracked (historically, most famous cracks were against Unix, which used to be perceived as having weak security compared to the competition!) or aren't attractive targets - in fact, cracked Unix hosts are highly prized among black hats because one can do more with them than with the average Windows PC.
The fact that vast hordes of Windows desktops can be trivially taken over by random script kiddies has little to do with their market dominance, and the fact that this is harder to do with the various *nix flavours has little to do with their lack of presence in the desktop field.
"admin-level" in OSX isn't the same as root. AFAICT, you get sudo privilege and access to files/folders in the admin group so you could do some damage but it is limited.
Obviously, more damage can be done once you have responded to a prompt for your password but who would be dumb enough to do that? Oh, wait...