Apple released a security update for QuickTime 7.1.6 on Tuesday that addressed two potential Web-based security vulnerabilities. Both involve visiting Web sites that execute maliciously-crafted Java applets.
The security update blocks a QuickTime for Java threat that could potentially allow an attacker to install or manipulate objects outside of the bounds of the allocated memory heap and run arbitrary code. It also blocks a second QuickTime for Java threat that could allow an attacker to view sensitive information stored in computer memory.
The update is free and available through Appleis Software Update application, or as a standalone installer from the Apple Support Web site.