An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution.
Apple has patched the QuickTime flaw discovered in last weeks Hack a Mac contest. They have also posted new updates for both AirPort and FTPServer, which you can grab through the built-in software updater.
Source: Apple.com