The "hack a Mac" contest ended with one of them being compromised. It is of note that it was done via the Safari web browser. This is of note because it once again illustrates that the attack surface of choice nowadays is the thin client. There are no longer default system services being exploited monthly. Operating systems have been hardened over the past several years. What we see now are the actual work stations themselves getting hit via their browsers. It is no big secret that browsers have been vulnerable for years. Fairer question would be, when haven’t they? After all, it is easier to compromise a client by sending a link, then it is to send some cheesy trojan, which by and large are sheared off by content filters.