Apple has released a security update for OS X Snow Leopard, Lion and Mountain Lion, Security Update 2013-003 for Snow Leopard, Lion and Mountain Lion. Apple's security update Knowledge Base article has not been updated with details about the release, but changes should appear soon.

Updates

About Security Update 2013-003 (Lion)

Security Update 2013-003 is recommended for all users and improves the security of OS X.

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222

The update is available through the Mac App Store and Apple's software download website for Snow Leopard, Lion and Mountain Lion.

Top Rated Comments

lars666 Avatar
152 months ago
PRISM fix - nice! Waiting for Snowden Lion now.
Score: 14 Votes (Like | Disagree)
dempson Avatar
152 months ago
QuickTime fixes

The details have arrived via Apple's security-announce mailing list.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-07-02-1 Security Update 2013-003

Security Update 2013-003 is now available and addresses the
following:

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of H.264
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of 'mvhd'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day
Initiative

Security Update 2013-003 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies
to your system configuration.

For OS X Mountain Lion v10.8.4
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: 5452c463819106ec30e9f365031f65f1b6c538c0

For OS X Lion v10.7.5
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: c94eeaee2e329f75830140598c8973b6a8e1b22d

For OS X Lion Server v10.7.5
The download file is named: SecUpdSrvr2013-003.dmg
Its SHA-1 digest is: 849d5d4fd5c5a46f84d3607a84b6957fe4f10a00

For Mac OS X v10.6.8
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: 59f7be08ba2f3e343539c011793f7e31773f9caa

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2013-003.dmg
Its SHA-1 digest is: 7586022106c870e46139016ddc5e667def454430

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJR0zpyAAoJEPefwLHPlZEwdZ8QAJvykdoFKGOHgn9HzpFJ+tbm
0uXPFrExBTcgpypxiZngJJ7Py46FyFvHR9EkfppJDBVEURDpu3/AJRBCi5GnvpoV
7yGPiy5vnHJzUn+wvKUloKIKQQoEbOqmh4f0lfgMsD5CQyZP4f2uulW3fSXrJNT2
bVUc8VrVuw3QSvjeIsl7ZneLHvCv/yZ8wepWS3bR8vPnyv7jLHtNbryKGL8Qhiwx
MZEMaV1xQzKn82+0J4C5+TXsoqxLGKZMmlHjY3XbueQaV4NyU6hHnWdhjKjQ7aI1
frPRoE5tPuv+uMI51bxHNXT7vTYKVaBO+d2RVLclGRXvWm0l0q8N+liNEGrnYNY/
nD3A6KriFyONILSMOeHQUCh5CHDmuNhArtOMRICcQqBUfbVQ4XbDyKi7+4vv1Eug
r4p8ViN5uM2SvbIfsmZR7VsydvxJZV9uiQmcVQRqu4Yu80jKqyBV0qHZtTnnC0td
gL0vqYY7JuSRB3QDOzWPvRk+x4KdCHNQitdqj+fSq0iqFKb3ovvOn7Ug+UEpq60P
EIiRORMtj/Gh/LmlVJg62Mtoq+dY/g5z1RBPBVfEINbMyTMFStqRtVcWFo2Augo/
ucFFQ671Xn8PoMJ/5PhGNjDCDSBzCyyAY8WGnMWS4uiIXt+rsrtBavc1L7j3LuYD
R0og2PzHJPrZVEzhSZBn
=0jKe
-----END PGP SIGNATURE-----

----------

Hmm, 20mb for 10.8, and a hefty 347mb for 10.6

That's the normal pattern. When Apple releases a security update it usually incorporates earlier security updates going back to the last minor system version number update (which incorporated all security updates prior to that point), so that people installing the system from scratch only need to apply a single system version update followed by a single security update, instead of multiple security updates.

This means that security updates are generally larger for older major system versions, because they have had a longer time since the last minor version number update, and more security updates have accumulated.

Snow Leopard has been accumulating security updates since 10.6.8 was released in June 2011.

Lion has been accumulating security updates since 10.7.5 was released in September 2012.

Mountain Lion's security update only needs to include this batch of fixes, since all earlier ones are included in 10.8.4, which was released in June 2013.
Score: 7 Votes (Like | Disagree)
macnisse Avatar
152 months ago
Thanks apple for keeping SL on track! :-)
Score: 6 Votes (Like | Disagree)
Cubert Avatar
152 months ago
I wonder how much longer Snow Leopard support will continue after Mavericks is released?
Score: 5 Votes (Like | Disagree)
joelvega125 Avatar
152 months ago
Nothing for Snow Leopard? What does it fix exactly?

Did you actually read anything or did you jump straight to comment? Jack wagon...
Score: 5 Votes (Like | Disagree)
macs4nw Avatar
152 months ago
So glad for this. I won't abandon SL for the desktop, as long as APPLE keeps those security updates cummin'.....:)
Score: 4 Votes (Like | Disagree)

Popular Stories

iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive an All-New Perk

Thursday February 6, 2025 11:21 am PST by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. iCloud+ is the official name for Apple's paid iCloud storage plans, which range from 50GB for $0.99 per month to 12TB for $59.99 per month in the United States. iCloud+ plans already come with multiple perks for free, such as Hide My Email and HomeKit Secure Video, and now there is another one...
iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
iPhone SE 4 Single Camera Thumb

iPhone SE 4 Launching as Soon as Next Week

Thursday February 6, 2025 3:30 pm PST by
Apple's next-generation iPhone SE could debut as soon as next week with a launch to follow later in February, reports Bloomberg's Mark Gurman. Apple isn't expected to hold an event for the iPhone SE 4, and will instead unveil the device through a press release. The iPhone SE 4 is expected to have an iPhone 14-style design, with Apple eliminating the thick bezels and Touch ID Home button of...
iCloud General Feature Redux

Apple Ordered by UK to Create Global iCloud Encryption Backdoor

Friday February 7, 2025 2:37 am PST by
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post. The undisclosed order is said to have been issued last month, and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before...
2007 iPhone

Apple Discontinuing This 18-Year-Old iPhone Feature

Saturday February 8, 2025 3:51 pm PST by
The end of an 18-year era is on the horizon for the iPhone. Apple reportedly plans to announce a new iPhone SE as soon as next week, and the device is expected to feature a full-screen design with Face ID, instead of a Touch ID home button. That means Apple will no longer sell any new iPhone models with a home button, for the first time since the original iPhone launched. The home button...
iOS 18

iOS 18.3.1 Update Coming Soon for iPhones

Thursday February 6, 2025 7:31 am PST by
Apple is internally testing iOS 18.3.1 for iPhones, according to our website's analytics logs, which have been a consistently reliable indicator of upcoming iOS versions. The software update should be released within the next few weeks. iOS 18.3.1 should be a minor update that addresses software bugs and/or security vulnerabilities. Apple Intelligence notification summaries for news and...
Apple Leak Feature

Apple Leaker Issues Apology: 'Profound and Expensive Mistake'

Friday February 7, 2025 9:21 am PST by
Last year, we reported that Apple sued its former software engineer Andrew Aude for providing journalists with confidential information about the company's future plans, including details about the Journal app, Vision Pro headset, and more. As reported by 9to5Mac, the Superior Court of Santa Clara County on Thursday dismissed the lawsuit after Apple and Aude reached an agreement to resolve...
maxresdefault

An Apple TV Refresh is Coming in 2025 - Here's What You Should Know

Wednesday February 5, 2025 10:17 am PST by
Apple hasn't refreshed the Apple TV since 2022, but rumors suggest that we're finally going to get an update in 2025. We don't have a full picture of what to expect yet, but we have some hints on what's coming. Subscribe to the MacRumors YouTube channel for more videos. Updated A-Series Chip The current Apple TV 4K uses the A15 Bionic chip that was in the iPhone 13 lineup, and it's time for...