The MoKB (Month of Kernel Bugs) has posted details of a critical flaw in the AppleDiskImageController for Mac OS X along with the proof-of-concept. This exploit can trigger kernel-mode arbitrary code execution which means the attacker can run anything they want on your computer with all privileges. According to the MoKB website, "It's been tested on an up-to-date (20-11-2006) Mac OS X installation, running on an Intel 'shipping' Mac".
Since the DMG image structure files can be downloaded and automatically executed as a "safe" file by Safari, it is highly recommended that Mac OS X users deactivate the open after download feature for DMG files. Users should also be wary of manually opening any DMG files.