MacSlash reports that corrupted .DMG files can be used to run arbitrary code on OS X. The Month of Kernel Bugs project has just proof of concept, where they tested this on an up-to-date installation of OS X on an Intel-powered production Mac.
Corrupt .dmg files are not properly processed by the kernel driver responsible for mounting them. They’ve posted a sample .dmg that causes a panic but the author of the report claims that arbitrary code execution is possible. Based on the debug output, that’s a credible claim. There’s no word on whether Apple has responded to this bug. To avoid this bug until Apple squashes it, be very careful where you get your .dmg files. And if you use Safari, don’t let it open “safe” files after downloading.
If you follow the MOKB link above, you can even download a disk image so you can reproduce the bug on your Mac.