It gets worse - OS X vulnerability
Update: ICSAN says it is worse than first though:
http://isc.sans.org/diary.php?storyid=1138
"This actually looks more serious then we initially thought it is. The workaround specified above will prevent Safari from automatically executing the PoC file, but it looks like your machine is still vulnerable and it doesn't need Safari to run this file at all."
Original blog article:
http://msmvps.com/blogs/spywaresucks/archive/2006/02/21/84348.aspx
Edit: Secunia have caught up :)
http://secunia.com/advisories/18963/