Apple Security Update 2013-003 Fixes QuickTime Bugs

On Tuesday, Apple released Security Update 2013-003 to address multiple QuickTime vulnerabilities. “Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution,” Apple said in its description of the issues. Security Update 2013-003 is recommended for all users and improves the security of Mac OS X.

The QuickTime software update is available for Mac OS X v10.6.8, OS X Lion v10.7.5, and OS X Mountain Lion v10.8.4.

Overall, a total of 3 CVEs are fixed in the QuickTime update, all of which are related to unexpected application termination or arbitrary code execution.

  • CVE-2013-1019: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking.
  • CVE-2013-1018: A buffer overflow existed in the handling of H.264 encoded movie files. This issue was addressed through improved bounds checking.
  • CVE-2013-1022: A buffer underflow existed in the handling of ‘mvhd’ atoms. This issue was addressed through improved bounds checking.
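
Apple's notes give no detail beyond "improved bounds checking", so the following is an added illustration of that kind of check in an atom parser, not Apple's code and not a reconstruction of any of the three flaws. It assumes the standard QuickTime atom header (4-byte big-endian size, 4-byte type) and a version-0 'mvhd' body; the function name, constants and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATOM_HDR 8u        /* 4-byte big-endian size + 4-byte type */
#define MVHD_MIN_BODY 20u  /* version/flags, ctime, mtime, timescale, duration */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk sibling atoms in buf (assumed: the payload of a 'moov' atom) and read
 * the version-0 'mvhd' timescale and duration. Returns 0 on success, -1 if
 * the data is malformed or no usable 'mvhd' is present. */
int parse_mvhd(const uint8_t *buf, size_t len,
               uint32_t *timescale, uint32_t *duration) {
    size_t off = 0;
    while (len - off >= ATOM_HDR) {           /* off <= len always holds */
        uint32_t size = be32(buf + off);
        /* Sizes below the header would make (size - 8) wrap around; the
         * special values 0 and 1 are not supported here and also rejected. */
        if (size < ATOM_HDR) return -1;
        /* The atom must not claim more bytes than the buffer still holds. */
        if (size > len - off) return -1;
        if (memcmp(buf + off + 4, "mvhd", 4) == 0) {
            const uint8_t *body = buf + off + ATOM_HDR;
            if (size - ATOM_HDR < MVHD_MIN_BODY) return -1;
            if (body[0] != 0) return -1;      /* only version 0 handled */
            *timescale = be32(body + 12);
            *duration  = be32(body + 16);
            return 0;
        }
        off += size;                          /* size <= len - off, no overflow */
    }
    return -1;
}
/* Constructed sample: 'free' atom, then 28-byte 'mvhd' (timescale 600, duration 1200). */
static const uint8_t sample[] = {
    0,0,0,8,'f','r','e','e', 0,0,0,28,'m','v','h','d', 0,0,0,0,
    0,0,0,0, 0,0,0,0, 0,0,2,0x58, 0,0,4,0xB0 };

int main(void) {
    uint32_t ts = 0, dur = 0;
    int rc = parse_mvhd(sample, sizeof sample, &ts, &dur);
    printf("rc=%d timescale=%u duration=%u\n", rc, (unsigned)ts, (unsigned)dur);
    return rc == 0 ? 0 : 1;
}
```
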

You can update through Apple’s Software Update tool by choosing Apple menu > Software Update when ready to install, or you can go directly to Apple’s support page to download the updates from there. For OS X Snow Leopard users, you can go here to download the 349.5 MB update. OS X Lion users can go here to download the 61 MB update. Lastly, OS X Mountain Lion users can go here to download the 20.4 MB update.