I found this very funny as there is no documentation and just hear say.... forensic tests show no proof either ..... last time something like this happened with a OSX Trojan the same company that found the exploit had a fix the same day for $25, but the exploit could not be deployed..... it is all common sense.
http://www.securityfocus.com/news/11375
http://www.securityfocus.com/news/11375