Apple has released QuickTime 7.4.1, a critical security update all users should apply immediately. It is available via Software Update and as a direct download for Leopard [1], Tiger [2], Panther [3], and Windows [4] systems.
This update patches a month-old zero-day vulnerability in the QuickTime streaming protocol (RTSP) that could allow an attacker to take over your computer if you visit a malicious Web site or receive an email with a malicious link. In security parlance, we call this "remote execution of arbitrary code," using a vulnerability for which no patch exists (the "zero-day" part). This is similar to a previous vulnerability in RTSP that Apple patched in the QuickTime 7.3.1 update (see "QuickTime 7.3.1 Fixes RTSP Vulnerability [5]," 2007-12-14).
As usual, release notes are a sparse "addresses security issues and improves compatibility with third-party applications." A separate security note provides more details [6], but the security information isn't even referenced by the release notes on the download page [7], although they do appear on the security updates page [8].
Since this vulnerability has been in the wild with sample exploits for nearly a month, it is absolutely critical to apply the patch as quickly as possible.
[1]: http://www.apple.com/support/downloads/quicktime741forleopard.html
[2]: http://www.apple.com/support/downloads/quicktime741fortiger.html
[3]: http://www.apple.com/support/downloads/quicktime741forpanther.html
[4]: http://www.apple.com/support/downloads/quicktime741forwindows.html
[5]: http://db.tidbits.com/article/9363
[6]: http://docs.info.apple.com/article.html?artnum=307407
[7]: http://www.apple.com/support/downloads/
[8]: http://docs.info.apple.com/article.html?artnum=61798