Have you installed that QuickTime update yet?
If you don't use video content prepared with Apple's ProRes codec and you're not rushing to upgrade iTunes to version 8.2 (because you don't have an iPhone), you might be tempted to delay installing QuickTime 7.6.2.

But 7.6.2 also contains fixes for eight security flaws that could be exploited using various types of malformed files.
The handling of Sorenson 3 video, FLC (Autodesk) animation, and PICT, JPEG2000 and (Photoshop) PSD images all had flaws that could lead to arbitrary code execution (a Bad Thing) just by opening a malicious file.
Messing with various 'atoms' within movie files could also be used to similar ends.
Let's face it, fooling someone into opening a web page containing such a malicious file isn't particularly difficult. That's exactly the scenario used by Charlie Miller to win a MacBook and $5000 in the Pwn2Own contest at the CanSecWest conference earlier this year. (Apple credits Miller for reporting the JPEG2000 vulnerability.)
And experience shows that if someone 'accidentally' receives an email that seems to be intended for someone else, there's a fair chance they'll be tempted to take a peek at an attached document. And if that contains a 'poisoned' image...
As for iTunes, you probably should update even if you don't own an iPhone. There's a security fix that improves checking when opening itms: URLs. Previously, there was potential to cause arbitrary code execution with a maliciously crafted link.
One other minor change I've noticed is that after syncing with an iPod, iTunes now reminds you to eject the device before unplugging it.
Anyway, I'd suggest you run Software Update (or download the updaters from Support Downloads) and get up to date.
One of Australia's most experienced IT writers, Stephen Withers has been using and writing about Macs since 1984. His journalistic resume includes stints as editor of Australian MacUser and as Macintosh section editor of PC Week. He has also managed a PC and Mac support operation at one of the country's leading universities, and is active in the Mac user group community.