Apple has released
Security Update 2006-008 for Mac OS X v10.4.8. The new update is available for download through the Software Update system preference or from Apple’s Web site.
According to Apple, the security update addresses issues related to Quartz Composer and QuickTime for Java.
“Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information,” said Apple in the update’s release notes.
“This update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets. Quartz Composer compositions continue to function locally. Applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. This issue does not affect systems prior to Mac OS X v10.4. It also does not affect the Windows platform. Credit to Geoff Beier for reporting this issue.”