According to Apple, the first problem is related to the implementation of QuickTime for Java “which could allow the instantiation or manipulation of objects beyond the limits of the allocated heap.” When a user visits a web page that contains a malicious Java applet, a hacker could take advantage of this flaw to execute arbitrary code.
The problem has been fixed by performing additional validation of Java applets.
The second problem could reveal sensitive information. Again related to QuickTime for Java, this problem could allow the memory of the Web browser to be read by a Java applet. This update solves the problem by clearing memory before allowing it to be used by Java applets.
The security update for QuickTime 7.1.6 is available through the Software Update feature of Mac OS X.