Newsflash - Internet Unsafe
"It is a trivial matter, according to Harding, to use any one of several well-known techniques to trick a user into installing a malicious program posing as an update from Apple. Such techniques include DNS spoofing and DNS Cache Poisoning."
Now maybe Apple are to blame for not using SSL and signed installers but this "hack" is lame big time. I hear that your hosts file is dangerous too, delete it now!
Of course, he added the backdoor to SSH. Which you could exploit anyway if you hadn't recently updated: