WordPress 2.3.3 is an urgent security release. A flaw was found in our XML-RPC implementation such that a specially crafted request would allow any valid user to edit posts of any other user on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs.
Within hours of going live, the “rm-my-mac” competition was over. The challenger posted this message on his Web site: “This sucks. Six hours later this poor little Mac was owned and this page got defaced”.
The hacker that won the challenge, who asked ZDNet Australia to identify him only as “gwerdna”, said he gained root control of the Mac in less than 30 minutes.
zdnet.com.au
That was the medias view of what happened.
“Watch out though, I’m coming to get you with a whole book of undocumented exploits! Just create me an admin account on your machine first and close your eyes!”
Cult of Mac Blog
And this is what really happened.
Please read both news articles.