Mac OS X Security Update Addresses QuickTime Java Issue

Apple Computer released Tuesday Security Update 2006-008, a Mac OS X patch that addresses a security threat involving QuickTime and Java. The patch changes the way Java handles Quartz Composer compositions.

From the detailed update notes on Appleis security site: "Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information. This update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets. Quartz Composer compositions continue to function locally. Applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. This issue does not affect systems prior to Mac OS X v10.4. It also does not affect the Windows platform. Credit to Geoff Beier for reporting this issue."

The patch can be downloaded through Software Update, and weighs in at 2.7MB.