Apple Releases Security Update 2013-003 for OS X Snow Leopard, Lion and Mountain Lion

by

Apple has released a security update for OS X Snow Leopard, Lion and Mountain Lion, Security Update 2013-003 for Snow Leopard, Lion and Mountain Lion. Apple's security update Knowledge Base article has not been updated with details about the release, but changes should appear soon.

Updates

About Security Update 2013-003 (Lion)

Security Update 2013-003 is recommended for all users and improves the security of OS X.

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222

The update is available through the Mac App Store and Apple's software download website for Snow Leopard, Lion and Mountain Lion.

Top Rated Comments

(View all)
Avatar
95 months ago
PRISM fix - nice! Waiting for Snowden Lion now.
Score: 14 Votes (Like | Disagree)
Avatar
95 months ago
QuickTime fixes

The details have arrived via Apple's security-announce mailing list.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-07-02-1 Security Update 2013-003

Security Update 2013-003 is now available and addresses the
following:

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of H.264
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of 'mvhd'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day
Initiative

Security Update 2013-003 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies
to your system configuration.

For OS X Mountain Lion v10.8.4
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: 5452c463819106ec30e9f365031f65f1b6c538c0

For OS X Lion v10.7.5
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: c94eeaee2e329f75830140598c8973b6a8e1b22d

For OS X Lion Server v10.7.5
The download file is named: SecUpdSrvr2013-003.dmg
Its SHA-1 digest is: 849d5d4fd5c5a46f84d3607a84b6957fe4f10a00

For Mac OS X v10.6.8
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: 59f7be08ba2f3e343539c011793f7e31773f9caa

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2013-003.dmg
Its SHA-1 digest is: 7586022106c870e46139016ddc5e667def454430

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJR0zpyAAoJEPefwLHPlZEwdZ8QAJvykdoFKGOHgn9HzpFJ+tbm
0uXPFrExBTcgpypxiZngJJ7Py46FyFvHR9EkfppJDBVEURDpu3/AJRBCi5GnvpoV
7yGPiy5vnHJzUn+wvKUloKIKQQoEbOqmh4f0lfgMsD5CQyZP4f2uulW3fSXrJNT2
bVUc8VrVuw3QSvjeIsl7ZneLHvCv/yZ8wepWS3bR8vPnyv7jLHtNbryKGL8Qhiwx
MZEMaV1xQzKn82+0J4C5+TXsoqxLGKZMmlHjY3XbueQaV4NyU6hHnWdhjKjQ7aI1
frPRoE5tPuv+uMI51bxHNXT7vTYKVaBO+d2RVLclGRXvWm0l0q8N+liNEGrnYNY/
nD3A6KriFyONILSMOeHQUCh5CHDmuNhArtOMRICcQqBUfbVQ4XbDyKi7+4vv1Eug
r4p8ViN5uM2SvbIfsmZR7VsydvxJZV9uiQmcVQRqu4Yu80jKqyBV0qHZtTnnC0td
gL0vqYY7JuSRB3QDOzWPvRk+x4KdCHNQitdqj+fSq0iqFKb3ovvOn7Ug+UEpq60P
EIiRORMtj/Gh/LmlVJg62Mtoq+dY/g5z1RBPBVfEINbMyTMFStqRtVcWFo2Augo/
ucFFQ671Xn8PoMJ/5PhGNjDCDSBzCyyAY8WGnMWS4uiIXt+rsrtBavc1L7j3LuYD
R0og2PzHJPrZVEzhSZBn
=0jKe
-----END PGP SIGNATURE-----

----------

Hmm, 20mb for 10.8, and a hefty 347mb for 10.6


That's the normal pattern. When Apple releases a security update it usually incorporates earlier security updates going back to the last minor system version number update (which incorporated all security updates prior to that point), so that people installing the system from scratch only need to apply a single system version update followed by a single security update, instead of multiple security updates.

This means that security updates are generally larger for older major system versions, because they have had a longer time since the last minor version number update, and more security updates have accumulated.

Snow Leopard has been accumulating security updates since 10.6.8 was released in June 2011.

Lion has been accumulating security updates since 10.7.5 was released in September 2012.

Mountain Lion's security update only needs to include this batch of fixes, since all earlier ones are included in 10.8.4, which was released in June 2013.
Score: 7 Votes (Like | Disagree)
Avatar
95 months ago
Thanks apple for keeping SL on track! :-)
Score: 6 Votes (Like | Disagree)
Avatar
95 months ago
I wonder how much longer Snow Leopard support will continue after Mavericks is released?
Score: 5 Votes (Like | Disagree)
Avatar
95 months ago

Nothing for Snow Leopard? What does it fix exactly?


Did you actually read anything or did you jump straight to comment? Jack wagon...
Score: 5 Votes (Like | Disagree)
Avatar
95 months ago
So glad for this. I won't abandon SL for the desktop, as long as APPLE keeps those security updates cummin'.....:)
Score: 4 Votes (Like | Disagree)

Top Stories

iPhone 12 Pro in Graphite and iPhone 12 in Blue Shown Off in Unboxing Videos

Monday October 19, 2020 8:20 am PDT by
While the iPhone 12 Pro does not launch until Friday, we now have an early unboxing video of the device courtesy of Twitter account DuanRui, providing a closer look at the shiny new flat-edge design and sleek Graphite color option. Ben Geskin re-uploaded the unboxing video to YouTube, which we've embedded below: Geskin has also uploaded an unboxing video of the iPhone 12 in Blue: ...

Kuo: iPhone 12 Pro Demand Higher Than Expected

Sunday October 18, 2020 10:39 pm PDT by
TF International Securities analyst Ming-Chi Kuo released a research note this morning detailing what he's seen with the volume of iPhone 12 and iPhone 12 Pro pre-orders in the first weekend of sales. Kuo had previously indicated that Apple's estimated shipment allocations for the new iPhone models placed the iPhone 12 at the top with 40-45% of inventory allocation (up from 15-20%). However, ...

New Photos Offer Better Look at iPhone 12 Color Options

Tuesday October 20, 2020 2:34 am PDT by
As we wait for the iPhone 12 review embargo to lift later today, more pictures are circulating of the devices in real-world lighting conditions, providing a better look at the different colors available. Leaker DuanRui has shared images on Twitter of the iPhone 12 in white, black, blue, green, and (PRODUCT)RED. The black and white colors are similar to the iPhone 11 colors, but the other...

Hands-On With Apple's MagSafe Charger for iPhone 12

Monday October 19, 2020 11:54 am PDT by
Alongside the new iPhone 12 models, Apple introduced a MagSafe charger that attaches to the back of the iPhones using magnets embedded both in the charger and in the iPhone. It allows for speedier charging and paves the way for a portless iPhone in the future. MagSafe chargers are shipping out and are in some Apple retail locations now, and we picked one up to check it out. Subscribe to the ...

Some Apple Watch SE Owners Experiencing Issues With Overheating [Updated]

Monday October 19, 2020 11:38 am PDT by
There may be an issue with the new Apple Watch SE, which some users have found is overheating after a few hours of usage. Several Apple Watch SE owners in South Korea have run into problems, as noted in a Reddit post chronicling the complaints. There have been six reports from Apple Watch SE owners in South Korea who have had their Apple Watches get hot and malfunction, with a yellow spot...

Apple's New MagSafe Charger and Cases Begin Arriving to Customers

Saturday October 17, 2020 10:10 am PDT by
Apple's new MagSafe charger and cases have begun arriving to some customers earlier than expected, and images of the accessories have started to surface on Twitter. The photos provide a first look at the products in real-world use. As of writing, some MagSafe cases are also available for pickup at select Apple Stores in countries like the United States, Canada, and Germany. Filip...

Apple Releases iPadOS and iOS 14.1 With Multiple Bug Fixes Ahead of iPhone 12 Launch

Tuesday October 20, 2020 10:06 am PDT by
Apple today released iOS and iPadOS 14.1, the first major updates to the iOS and iPadOS 14 operating system updates that were released in September. iOS and iPadOS 14.1 come a week after Apple released the golden master versions of the updates to developers. The iOS 14.1 update can be downloaded for free and it is available on all eligible devices over-the-air in the Settings app. To access...

Watch: iPhone 12 and iPhone 12 Pro Unboxing Videos and First Impressions

Tuesday October 20, 2020 6:05 am PDT by
Apple's embargo has lifted for iPhone 12 and iPhone 12 Pro reviews. In addition to our detailed review roundups for each device, we've rounded up over a dozen unboxing videos and first impressions below. iPhone 12 in Blue on left and iPhone 12 Pro in Pacific Blue on right via Engadget Key new features of the iPhone 12 and iPhone 12 Pro include a flat-edge design, 5G support, a much faster A14 ...

Apple Plans to Enable 5G in Dual SIM Mode With Software Update Later This Year

Monday October 19, 2020 9:20 am PDT by
iPhone XS models and newer feature both a physical SIM slot and a digital eSIM, allowing for a feature known as dual SIM, dual standby. This means you can have two lines of service on one iPhone, which is useful for purchasing data-only plans while traveling abroad or having personal and business lines on a single iPhone. 5G will not be available in Dual SIM mode on the iPhone 12 and iPhone...

Brazilian Certifications Suggest iPhone 12 Mini Features 2,227mAh Battery and iPhone 12 Has 2,815mAh Battery

Friday October 16, 2020 1:08 pm PDT by
Apple's iPhone mini has the shortest battery life out of all the iPhones in the iPhone 12 lineup due to its small size, but Apple has not provided public information about the battery's capacity. A regulatory filing from Brazil, however, suggests the iPhone 12 mini has a battery capacity of 2,227mAh. The same regulatory information says the iPhone 12 features a 2,815mAh battery, which is...