Apple has released Security Update 2006-008 for Mac OS X 10.4.8 (client and server). The update addresses a vulnerability in Quicktime for Java and Quartz Composer.
It appears as though the update fixes a vulnerability where a specially-crafted Java applet could obtain images rendered on screen by embedded QuickTime objects and upload them to the originating website. Because QuickTime can be used in conjunction with Quartz Composer, this could theoretically allow a hacker to craft a applet that could obtain an attached (or built-in) iSight camera's images. While external iSight cameras have the ability to physically close an iris and turn the camera off, built-in iSight cameras (such as on the MacBook, MacBook Pro, and iMac) can not be physically turned off.
More detailed information can be found via this tech note.
