Published: 2009-01-22
Apple released two patches on Wednesday to fix vulnerabilities in its QuickTime media-player software for both Mac OS X and Windows.
One update patches seven flaws in QuickTime for Apple's Mac OS X as well as Microsoft's Windows XP and Vista operating systems, according to the advisory. The seven vulnerabilities all involve the player's handling of user-provided input — six flaws stem from file handling and the seventh from processing a URL — and could lead to remote code execution.
The second update fixes a single flaw in the MPEG-2 component of the QuickTime media player for Windows, which is not installed by default. Viewing a maliciously crafted MPEG-2 movie could compromise the victim's PC, according to the advisory.
All eight flaws fall into the category of improper input validation, a major source of software vulnerabilities. Earlier this month, a group of industry, government and academic security experts released a list of the Top-25 programming errors that cause security issues. "Improper input validation" tops the list.
Apple's patches are the first software update for QuickTime since the company issued version 7.5.5 of the media player last September to fix nine security issues.
Mac OS X users can get the update by using the "Software Update..." command in the Apple menu. Both Mac and Windows users can also download the patches from Apple's Web site.
Posted by: Robert Lemos
