Apple has released an update to QuickTime player, version 7.6.2 patches ten Java security holes. Eight of the patches apply to both Mac OS X (v. 10.4.11 and later) and Windows users, while two -- the CGRN problem and an integer-underflow error addressed in one of the PICT-related patches -- are strictly for users of XP SP3 and Vista. Apple also released an update to iTunes, addressing a stack buffer overflow issue that could be triggered if the user were to visit a maliciously crafted "itms:" URL.