There's been a lot of discussion following the discovery of a bona fide worm for OSX - "Leap-A" or perhaps "Oomp-A" (depending which AV firm's deconstruction you read) - which spreads via iChat and tries to spread via other methods too.
As John Gruber points out, it spreads by inserting its code into applications as they launch, by way of a folder called "InputManagers" (sic).
There are actually two of these folders: one in your "home" directory (which is where all your documents etc live) and another at the higher level of the directory hierarchy. (Just imagine I'm waving my hands around as you read this.)
As Gruber explained some time ago, the InputManagers folder is a potentially dangerous one. It has been exploited in a sort-of-good way to create "Smart Crash Reports", where if an application crashes then the details will get sent back to the developers as well as to Apple.
But because that folder also lets code inside it potentially be loaded into every application that you (as a user) run, there are big risks. And now someone has clearly read the articles and come up with a worm that can exploit those foibles.
So how do you protect yourself? It's fairly simple. Assuming you have an administrator login on your machine, first go to your home folder. Go to "Library" and look inside that for "InputManagers". Highlight it, click Apple-i (for information) and look at the "Ownership and Permissions" bit. Then set the owner to "system" (you'll probably have to give your password for this) and set "group" access to "Read only".
What does this do? It means that if anything tries to change your InputManagers folder, it will bring up a dialog asking for your permission. Be wary if you're not installing something that you'd expect to ask this.
Do the same for the InputManagers folder that you'll find at the "Macintosh HD" level of your machine, and you should be covered until another hole shows up.
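To confirm that both folders ended up locked down as described above, you can run a check like this in Terminal. It is an added example, not part of the original post, and it assumes that the Finder's "system" owner is root (uid 0) and that the "Macintosh HD" level folder is /Library/InputManagers; the function name and status words are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the InputManagers folders after locking them down.
# Assumption: Finder's "system" owner is root (uid 0).

# check_input_managers DIR [EXPECTED_UID]   (hypothetical helper)
# Prints one status word; returns 0 only for "locked".
check_input_managers() {
    dir=$1
    want_uid=${2:-0}
    # A symlink in place of the folder is reported rather than followed.
    if [ -L "$dir" ]; then echo "symlink"; return 1; fi
    # No folder at this path means there is nothing to audit here.
    if [ ! -d "$dir" ]; then echo "absent"; return 2; fi
    # POSIX ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    set -- $(ls -ldn "$dir")
    mode=$1
    uid=$3
    if [ "$uid" != "$want_uid" ]; then echo "wrong-owner"; return 1; fi
    # Characters 6 and 9 of the mode string are group-write and other-write.
    gw=$(printf '%s' "$mode" | cut -c6)
    ow=$(printf '%s' "$mode" | cut -c9)
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then echo "writable"; return 1; fi
    echo "locked"
}

# Per-user folder first, then the system-wide one.
for d in "$HOME/Library/InputManagers" "/Library/InputManagers"; do
    status=$(check_input_managers "$d") || true
    echo "$d: $status"
    # Anything already installed there deserves a look, so list it.
    if [ -d "$d" ]; then ls -A "$d" || true; fi
done
```

Anything other than "locked" for a folder that exists means the ownership or group setting from the steps above did not take.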
But what this example shows most of all is that social engineering can trump good engineering. OSX is fairly well written from a security point of view, but the existence of the InputManagers folder, and its potential to load code into any application, isn't really good. It will be interesting to see if Apple lets this loophole exist much longer. Yes, InputManagers can be useful - I run an application called MenuCalendarClock which pretty much needs it, and people who use Saft to enhance Safari rely on it. But if hackers can exploit it, is it that useful? Because where one bit of malware goes, more are sure to follow.