Apple has released an update to Java 1.6.0_17 for Mac OSX 10.5 server and client to address various vulnerabilities. These include execution of malicious code outside the java sand box and handling of un-trusted java applets. Namely un-trusted applets can execute on the system with the privileges of the current user. The issues are addressed by improved bounds checking and limiting access of applet to com.sun.medialib.mlib.
This update does not require a restart but users need to quit their browser and should clear out their Java cache using the Java Preference Utility.