Source please. I'm not aware of any remote root exploits for Mac OS X, and certainly not one that was known and unpatched for 6 months.
CERT's a good place to start. The problem with Apple's answers on CERT is that APPLE will usually say: "does not effect us"-- which is complete bull, thereby highlighting their own ignornace. The Apple folk just don't know UNIX.