The Metasploit framework serves as a real hacking barometer : if a flaw is turned into a Metasploit attack module, then it can be sure systems will get exploited in the wild.

The last QuickTime RTSP flaw was so far only "available" as a Metasploit module for Windows XP SP 2 and Vista. Now, a Mac OS X (both PowerPC and Intel) version is available too. And without an official patch from Apple, Mac users now find themselves in a spot Windows users know all too well : they need to watch their steps on the Internet !

The vulnerability lie within the handling of the RTSP protocol (TCP port 554 and UDP 6970 to 6999), used to stream audio and video content on the Internet. 

The best course of action for the moment is to disable QuickTime at least within the browser, as automatic-launching videos present the most immediate threat.

And while this flaw is not (yet ?) exploitable offline, it's not a bad idea to keep another media player around, for those times when the regular player is hit by a vulnerability and there is no patch around. For this purpose, VideoLAN (VLC) is probably the best option : free, really universal and available for both Mac and Windows.