Mac OS X and Windows versions of the software are both affected, and the flaws could lead to unintentional disclosure of information or the ability to remotely execute malware.
The exploit occurs when an attacker directs the user to a web page containing a specially crafted Java applet. The update allows the software to check and prevent the launch of the malformed code.
The second vulnerability also lies within the Java component of QuickTime. Apple said that unpatched versions of QuickTime fail to clear browser memory, possibly allowing a malicious Java applet to capture whatever information is being stored.
Apple's update forces QuickTime to clear the memory before an untrusted applet can be run.
Windows users can download the update from Apple's support website. Mac users can get the update through the OS X Software Update component.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago