So Dragos just announced before lunch that within 10 minutes of opening Day 2 of the pwn2own contest - the Mac has fallen. Wonder what took so long? :)
UPDATE: Just talked with Dragos - the finder is signing with ZDI to get paid - so no vuln details for us. But we DO know that there was no 3rd party software on the box yet so the 0-day is in some inbox software.
Also it looks like some researchers have discovered that we're actually not so bad at patching 0-day: http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=spam__malware_and_vulnerabilities&articleId=9072498&taxonomyId=85