Security Update 2006-008 Special Report: Release notes
Security Update 2006-008 Special Report: Release notes
On December 19th, Apple released Security Update 2006-008 for Mac OS X 10.4.8 and Mac OS X 10.4.8 Server.
Release notes state:
"Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information. This update addresses the issue by disallowing Quartz Composer compositions in unsigned Java applets. Quartz Composer compositions continue to function locally. Applications and signed Java applets that utilize QuickTime and QuickTime for Java are unaffected. This issue does not affect systems prior to Mac OS X v10.4. It also does not affect the Windows platform. Credit to Geoff Beier for reporting this issue."
At first, this update may appear related to the "QuickTime/MySpace phishing" flaw that in part rests on the ability of QuickTime movies to automatically and involuntarily open URLs. It appears, however, that the update is unrelated to that still-extant flaw.
The update is available through Software Update or as a standalone download:
Index:
- Embedded QuickTime media problems (movies in Web pages won't play)
- AirPort connectivity issues
- General fixes for common issues
- Getting the update off your Mac
- Problems launching Photoshop
- Problems accessing iDisk, publishing through iWeb
- Release notes
- Some QuickTime for Java applications
- Unexpected quits
- Universal Access options inadvertently turned on (black box around cursor, etc.)
Resources