Security Researcher Trammell Hudson discovered that malicious code can be uploaded to a Mac creating persistent bootkit malware. Apple is aware and working on a fix, some Macs already have a partial patch. Older Macs may stay vulnerable. The bad guys need to have physical access to your Mac. A very detailed report can be found
on his site.