Dec 14

Apple Patches QuickTime Exploit

Category: Second Life Viewer, Security by Stone Culdesac

Apple has patched the QuickTime bug that could allow someone to take your lindens in Second Life. The patch was released yesterday and is available here; there are several different versions available, which is why I linked to the main downloads page instead of the individual updates.

Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution

Description: A buffer overflow exists in QuickTime’s handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data. Source: Apple
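The class of fix Apple describes, as an added example that is not from the original post or from Apple's code: a header-value copy whose destination is allocated from the measured length and capped. The function name, the 1024-byte limit and the sample `Content-Type` line are assumptions for illustration; the advisory does not say which header is affected.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_HEADER_VALUE 1024 /* assumed policy limit, not from the advisory */

/* Unsafe pattern, for contrast only:
 *     char value[64];
 *     strcpy(value, colon + 1);    // length chosen by the remote server
 */

/* Return a heap copy of the value in one RTSP header line ("Name: value\r\n"),
 * or NULL if the line is malformed, oversized, or contains a NUL byte.
 * The destination is allocated from the measured length. Caller frees. */
char *rtsp_header_value(const char *line, size_t line_len, const char *name)
{
    size_t name_len = strlen(name);
    if (line_len <= name_len || line[name_len] != ':')
        return NULL;
    for (size_t i = 0; i < name_len; i++)   /* header names are case-insensitive */
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return NULL;

    const char *p = line + name_len + 1, *end = line + line_len;
    while (p < end && (*p == ' ' || *p == '\t'))
        p++;                                  /* skip leading whitespace */
    while (end > p && (end[-1] == '\r' || end[-1] == '\n' || end[-1] == ' '))
        end--;                                /* drop CRLF and trailing spaces */

    size_t n = (size_t)(end - p);
    if (n > MAX_HEADER_VALUE || memchr(p, '\0', n) != NULL)
        return NULL;                          /* reject instead of truncating */

    char *out = malloc(n + 1);                /* sized to the data plus NUL */
    if (out == NULL)
        return NULL;
    memcpy(out, p, n);
    out[n] = '\0';
    return out;
}

int main(void)
{
    const char line[] = "Content-Type: application/sdp\r\n"; /* constructed sample */
    char *v = rtsp_header_value(line, sizeof line - 1, "content-type");
    printf("%s\n", v ? v : "(rejected)");
    free(v);
    return 0;
}
```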

Linden Lab has stated that it will release a mandatory viewer update to make sure everyone is up to date and not running the old QuickTime code while in Second Life.

Next steps: When Apple issues a corrected version of QuickTime closing this vulnerability, we will push a new mandatory viewer update that will verify you have an updated copy of QuickTime on your system before enabling the QT subsystem for use in Second Life. Those who choose not to enable video streaming will not need to update QT to continue to use Second Life. Comment from Joe Linden.
