updated 04:15 pm EST, Tue December 19, 2006
Security Update 2006-008
Apple today released Security Update 2006-008, which provides a fix for a security issue in QuickTime for Java and Quartz Composer, an underlying graphics display software component of Apple's Mac OS X. The update, available now via Software Update and the web, is for Mac OS X 10.4.8 Tiger systems only (both client and Server). The company said that the flaw could allow malicious websites to access private information without the users' consent or knowledge: "Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information," Apple wrote in its security update. The update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets, while allowing Quartz Composer compositions to continue to function locally. The company said that applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. The same Mac OS X Tiger security update for PowerPC-based Macs is also separately available.