Apparently, it’s pretty easy, with numerious unpublished exploits floating around.
“It probably took about 20 or 30 minutes to get root on the box. Initially I tried looking around the box for certain mis-configurations and other obvious things but then I decided to use some unpublished exploits — of which there are a lot for Mac OS X,” gwerdna told ZDNet Australia .
Apparently there are OSX security hardening guides you should follow. I wonder if Joe User could handle hardening his Mac Mini on his own? 😛