Apple has released a new version, 7.6.4, of the QuickTime media player for Mac OS-X and Windows. This update addresses four different security flaws, some of which could be exploited for remote code execution. The new version should be available via Apple’s Software Update function; alternatively, you can download the installer directly from this page. You may need to de-select an iTunes download bundled with the update.
(Note that Apple has one of those “too clever by half” sites that attempts to identify your system and only offer you the version for what it thinks you have. This means, for example, if you want to download the Windows version from a Linux machine, you will need to “spoof” your browser’s User Agent identification string. The Firefox extension, “User Agent Switcher“, is handy for this.)
I recommend installing this update as soon as you conveniently can.