So I have heard some things about systems other than BigFix that suggest to me that this could affect BigFix’s use of shell stuff on the Mac since BigFix runs as root. I don’t think this is the case, but I’m less confident in that now since I haven’t tested this well.
It should be possible to tell if the root exploit was done to a machine by checking that the number of iterations is 1 for the password expansion. The problem is that it is a string of data that is a plist within another file, so it would be very hard to decode using relevance directly.
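The check described above can be done outside Relevance by decoding the nested plist with a script; the following is an added example, not part of the original post and not BigFix code. It assumes the usual macOS layout, which the post does not spell out: a local user record (for root, typically `/var/db/dslocal/nodes/Default/users/root.plist`) whose `ShadowHashData` entry is itself a plist containing a `SALTED-SHA512-PBKDF2` dictionary with an `iterations` value. The sample records are constructed so the script runs on any platform.

```python
import plistlib

# Assumed key names (not given in the post): the outer user record stores the
# password hash under "ShadowHashData", whose value is a plist nested as data.
OUTER_KEY = "ShadowHashData"
INNER_KEY = "SALTED-SHA512-PBKDF2"


def pbkdf2_iterations(user_plist_bytes):
    """Return the iteration count from a user record, or None if not present."""
    record = plistlib.loads(user_plist_bytes)
    blobs = record.get(OUTER_KEY) or []
    if not blobs:
        return None  # account has no shadow hash stored at all
    inner = plistlib.loads(bytes(blobs[0]))  # decode the plist inside the plist
    params = inner.get(INNER_KEY)
    if not isinstance(params, dict):
        return None  # a different hash scheme is in use
    return params.get("iterations")


def iteration_count_is_one(user_plist_bytes):
    """True when the record shows the single-iteration sign the post describes."""
    return pbkdf2_iterations(user_plist_bytes) == 1


def make_sample_record(iterations):
    """Build a constructed record; the salt and entropy are dummy zero bytes."""
    inner = {INNER_KEY: {"iterations": iterations,
                         "salt": b"\x00" * 32,
                         "entropy": b"\x00" * 128}}
    outer = {"name": ["root"],
             OUTER_KEY: [plistlib.dumps(inner, fmt=plistlib.FMT_BINARY)]}
    return plistlib.dumps(outer, fmt=plistlib.FMT_BINARY)


if __name__ == "__main__":
    # On a real Mac, read the record file as root instead of using the samples.
    for count in (1, 45000):
        sample = make_sample_record(count)
        print(count, "-> flagged" if iteration_count_is_one(sample) else "-> ok")
```

A script like this could report its result into a file or client setting that Relevance then reads, which avoids decoding the nested data in Relevance itself.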