This is still in the early phases of discussion, but it seems Apple QuickTime has a vulnerability that may be remotely exploited to take complete control of an affected system. The flaw is related to Java processing and can be exploited by attackers to execute arbitrary commands on a vulnerable Apple OS X or Microsoft Windows system. Safari and Firefox have been confirmed as affected on MacIntel. The attack vector simply requires a user to visit a malicious HTML page in a web browser.
The only known workaround at this time is to disable Java.
This may be the Zero-Day that 3Com is promising to announce.
ZDI-CAN-190 Apple (CanSecWest Mac Hack) High 2007.04.23, 1 days ago