APPLE-SA-2013-07-02-1 Security Update 2013-003

Discussion in 'Apple' started by Michelle Steiner, Jul 2, 2013.

  1. 10.6 is still being supported.

    APPLE-SA-2013-07-02-1 Security Update 2013-003

    Security Update 2013-003 is now available and addresses the
    following:

    QuickTime
    Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,
    OS X Lion v10.7.5, OS X Lion Server v10.7.5,
    OS X Mountain Lion v10.8.4
    Impact:  Playing a maliciously crafted movie file may lead to an
    unexpected application termination or arbitrary code execution
    Description:  A buffer overflow existed in the handling of Sorenson
    encoded movie files. This issue was addressed through improved bounds
    checking.
    CVE-ID
    CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
    working with HP's Zero Day Initiative

    QuickTime
    Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,
    OS X Lion v10.7.5, OS X Lion Server v10.7.5,
    OS X Mountain Lion v10.8.4
    Impact:  Playing a maliciously crafted movie file may lead to an
    unexpected application termination or arbitrary code execution
    Description:  A buffer overflow existed in the handling of H.264
    encoded movie files. This issue was addressed through improved bounds
    checking.
    CVE-ID
    CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

    QuickTime
    Available for:  Mac OS X 10.6.8, Mac OS X Server 10.6.8,
    OS X Lion v10.7.5, OS X Lion Server v10.7.5,
    OS X Mountain Lion v10.8.4
    Impact:  Viewing a maliciously crafted movie file may lead to an
    unexpected application termination or arbitrary code execution
    Description:  A buffer underflow existed in the handling of 'mvhd'
    atoms. This issue was addressed through improved bounds checking.
    CVE-ID
    CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day
    Initiative

    Security Update 2013-003 may be obtained from the Software Update
    pane in System Preferences, or Apple's Software Downloads web site:
    http://www.apple.com/support/downloads/

    The Software Update utility will present the update that applies
    to your system configuration.

    For OS X Mountain Lion v10.8.4
    The download file is named: SecUpd2013-003.dmg
    Its SHA-1 digest is: 5452c463819106ec30e9f365031f65f1b6c538c0

    For OS X Lion v10.7.5
    The download file is named: SecUpd2013-003.dmg
    Its SHA-1 digest is: c94eeaee2e329f75830140598c8973b6a8e1b22d

    For OS X Lion Server v10.7.5
    The download file is named: SecUpdSrvr2013-003.dmg
    Its SHA-1 digest is: 849d5d4fd5c5a46f84d3607a84b6957fe4f10a00

    For Mac OS X v10.6.8
    The download file is named: SecUpd2013-003.dmg
    Its SHA-1 digest is: 59f7be08ba2f3e343539c011793f7e31773f9caa

    For Mac OS X Server v10.6.8
    The download file is named: SecUpdSrvr2013-003.dmg
    Its SHA-1 digest is: 7586022106c870e46139016ddc5e667def454430

    Information will also be posted to the Apple Security Updates
    web site: http://support.apple.com/kb/HT1222
     
    Michelle Steiner, Jul 2, 2013
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.