Apple Computer on Tuesday released a fix for a QuickTime flaw that could expose information stored on a Mac to outside attackers. The problem lies in QuickTime for Java and affects Mac OS X 10.4.8 both on the server and client, but does not affect the Windows version of QuickTime, the company said in an alert. An update is available from Apple's Web site.
An attacker could use Java applets with QuickTime for Java to obtain images rendered on-screen by embedded QuickTime objects and then upload them to the originating Web site. When this method is used in conjunction with Apple's Quartz Composer, it becomes possible to capture images that may contain local information, Apple said.