How secure is Apple? (nilsjuenemann.de)
22 points by nilsjuenemann 4314 days ago
4 comments

There was a very good talk at defcon21 (I believe) about Apple Security. It wasn't super in-depth, it basically covered firewalling.

Basically by default OSX ships with its firewall completely off. Turning on your firewall blocks most ports except the few that are by default for standard black box Mac services. If you turn on enhanced stealth mode firewall, you block pings. Not the entire ICMP protocol, just pings. And nothing else. So you can sync PRNG.

Also there are issues in Bonjour's UDP handling which let you consume all CPU resources (pin the processor at 100% remotely, no permissions, just UDP spam). Remotely, also Bonjour can't be disabled or blocked by the GUI firewall.

:.:.:

A lot of people look at OSX and say, "Hey, it's a Unix, I'm safe." And they aren't. No Unix is safe by default, even OpenBSD requires you watch what you're doing.

People should also look into the full disk encryption feature provided, FileVault, because it's turned off by default. It's a little beyond your average security measures but it helps me sleep a little better.

I'm a fairly new OSX user, been on Windows for most of my life and on Linux for a bit. Do you have any suggestions on guides for increasing security?

Advice is fairly standard: don't make your main account an Admin account, give your password out sparingly to apps that ask for it, try to use only sandboxed apps (i.e. from the App Store), don't turn on un-needed services (these are mostly in the Sharing pane in System Preferences). If you don't like Apple's default firewall rules, I believe OS X has BSD-standard ipfw installed by default, so you can use that and modify it to your liking.

Mostly, though, I'd say don't panic. Keep OS X updated and you should be fine (inc. Flash if you use it in Safari, and keep rarely-used web plugins disabled by default). Zero-days are always a worry, but you'll never see them coming by definition, so there's not a lot you can do about it...

[Note, I am by no means an expert]

Edit: and, as another poster said, enable FileVault. It's a great, stable and fast (on modern Macs, any slow-down should be imperceptible to the user) protection against casual data theft if someone steals your computer.

I can't offer exact domain advice. I don't use OSX myself. But I can offer broad advice. Learn the options, learn what they do, learn why they do that, and what you gain.

Basically never trust a computer to keep you safe on its own, if it promises to, it's likely lying (or OpenBSD).

Windows is like living in the ghetto with bolted doors and windows. OSX is like living in the countryside with doors open. Both are not that safe in somewhat different ways.

As it gains popularity, that countryside is rapidly acquiring its fair share of problems. Certainly enough to consider closing the doors.

APPLE may be good at design, but its technology sukx. Which hacker in his right mind will prefer APPLE to Google, Facebook or a startup?

I understand OSX is the topic of the article. However, I don't think Linux fares any better. Should we really be happy that we're able to 'root' our phones?

Yes, two wrongs don't make a right, but given the presumed motivations of this article, it is important that everyone is aware of the security shortcomings of the phones, other computers and computer related services we use every day.

Rooting is left in as a feature for those who want more access to the OS, it's equivalent to complaining about sudo. There are certainly vulnerabilities when it comes to Linux (for example, programs running through X.org are relatively easy to snoop on), the advantage with a Linux OS is that you can choose to make it more secure because of its modularity.

Apple has a different task ahead of it because it's responsible for the whole OS stack. A successful model to follow is Microsoft's, they take security patches seriously.

I was obviously referring to the practice of exploiting kernel vulnerabilities to gain root access to locked down phones.

Linux means more than just Android. Is Android going to have the best security out of the box? No. But that security can be improved if you want it to (check out the Blackphone for example). With Apple devices you're reliant on Apple doing the security work, so like I said before it's better that they follow Microsoft's example of securing the devices.

I don't disagree, but this is tangential to my original point. :)