New vulnerabilities appear all the time, but this one does appear to be one that should be noted.

Another generic complaint:

Lots of users, both Mac and Windows, use QuickTime. It is almost impossible to tell when an "update" is just advertising and when it includes a significant and necessary security fix, due to Apple's policy of never revealing anything about vulnerabilities or their patches.

From a recent article on "yet another QuickTime vulnerability" -

QuickTime has proved to be one of the more porous applications. Apple, which doesn't have a regular patching schedule like Microsoft, patched the application for at least the sixth time earlier this month, fixing 11 vulnerabilities.

Some of the vulnerabilites reported by others (but not by Apple) have been quite significant. If you must use QuickTime¹, especially in Windows, and haven't "upgraded" recently, it would be a good time to allow them to give you the latest version, and to accept their upgrads on a fairly regular basis.

Multimedia Flash players are another for which it's impossible to tell if a "new version" actually does something new or if it patches serious security vulnerabilities. There have been several reported major flaws, none admitted by the source but all apparently patched in newest versions. Older versions do remain vulnerable.

¹ I do have a couple of things that require QuickTime, but I've gotten so fed up with it that I install the latest version when needed, and UNINSTALL IMMEDIATELY when I'm done with the task that requires it. If you download and save the installation file to disk, you can flip it in and out fairly quickly, although patching up the other things it breaks often requires some cleanup after the uninstall.

John