You're either have one of the dryest senses of humour I've ever seen, or you're a moron. Just in case it's the latter, please consider the following steps.
1. Write simple Flash advert that will poison the DNS cache for apple.com
2. Buy a campaign on doubleclick.com, El Reg's ad supplier
3. Reroute swscan.apple.com to dodgy IP address.
4. Advertise an update for OS X. Deliver a trojan instead.
That's it. It doesn't matter if you're all patched and firewalled, if the upstream DNS isn't then the next Apple software update you install roots your box.
See that nice banner at the top of the page? Install the iDVD update that came out last Friday? Getting the picture yet?