Apple has released QuickTime 7.4.1, a critical security update all users should apply immediately. It is available via Software Update and as a direct download for, , , and  systems.
This update patches a month-old zero-day vulnerability in the QuickTime streaming protocol (RTSP) that could allow an attacker to take over your computer if you visit a malicious Web site or receive an email with a malicious link. In security parlance, we call this "remote execution of arbitrary code," using a vulnerability for which no patch exists (the "zero-day" part). This is similar to a previous vulnerability in RTSP that Apple patched in the QuickTime 7.3.1 update (see "," 2007-12-14).
As usual, release notes are a sparse "addresses security issues and improves compatibility with third-party applications." A separate, but the security information isn't even referenced by the release notes on the , although they do appear on the .
Since this vulnerability has been in the wild with sample exploits for nearly a month, it is absolutely critical to apply the patch as quickly as possible.