Apple last week patched two flaws in QuickTime for Java. The patches fix holes in both the Windows and Mac OS X operating systems.
One QuickTime for Java flaw could leave you open to a drive-by download just by visiting a malicious website and triggering a booby-trapped Java applet.
The other, less dangerous hole, could expose the contents of your browser's memory to a miscreant's view. Apple didn't give away lot of details about how these holes could be exploited.
Vulnerable versions are QuickTime 7.1.5 and older. The good news is that if you don't have Java installed, you can't be attacked. Alternatively, you could disable Java. But there's no need to if you get Apple's updated (patched) version 7.1.6.