Go Back   MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 2, 2013, 02:20 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Releases Security Update 2013-003 for OS X Snow Leopard, Lion and Mountain Lion




Apple has released a security update for OS X Snow Leopard, Lion and Mountain Lion, Security Update 2013-003 for Snow Leopard, Lion and Mountain Lion. Apple's security update Knowledge Base article has not been updated with details about the release, but changes should appear soon.

Quote:
About Security Update 2013-003 (Lion)

Security Update 2013-003 is recommended for all users and improves the security of OS X.

For information on the security content of this update, please visit this website: http://support.apple.com/kb/HT1222
The update is available through the Mac App Store and Apple's software download website for Snow Leopard, Lion and Mountain Lion.

Article Link: Apple Releases Security Update 2013-003 for OS X Snow Leopard, Lion and Mountain Lion
MacRumors is offline   0 Reply With Quote
Old Jul 2, 2013, 02:25 PM   #2
AnonMac50
macrumors 65816
 
Join Date: Mar 2010
Nothing for Snow Leopard? What does it fix exactly?
__________________
[Tutorial] Three Finger Drag on Non-supported Multitouch Macs (MAJOR UPDATES!!! (8/7/2013))
Front Row for Lion
Now I know why the maps icon wants you to jump off of a bridge!
AnonMac50 is offline   0 Reply With Quote
Old Jul 2, 2013, 02:34 PM   #3
lars666
macrumors 6502a
 
Join Date: Jul 2008
PRISM fix - nice! Waiting for Snowden Lion now.
lars666 is online now   14 Reply With Quote
Old Jul 2, 2013, 02:34 PM   #4
Michaelgtrusa
macrumors 601
 
Michaelgtrusa's Avatar
 
Join Date: Oct 2008
Location: Everywhere And Nowhere
Time for this update. Good news.
__________________
iMACAll life is an experiment. The more experiments you make the better.
TWITTER TUMBLR
Michaelgtrusa is online now   1 Reply With Quote
Old Jul 2, 2013, 02:53 PM   #5
Luap
macrumors 6502a
 
Luap's Avatar
 
Join Date: Jul 2004
Hmm, 20mb for 10.8, and a hefty 347mb for 10.6


Quote:
Originally Posted by AnonMac50 View Post
Nothing for Snow Leopard? What does it fix exactly?
Seriously??
Luap is offline   3 Reply With Quote
Old Jul 2, 2013, 02:58 PM   #6
Xaaris
macrumors newbie
 
Join Date: Dec 2011
It requires a restart
Xaaris is offline   0 Reply With Quote
Old Jul 2, 2013, 02:59 PM   #7
palmharbor
Banned
 
Join Date: Jul 2007
What?

Some day I would like to read:

Updates for applemail. copy paste, address book and calendar

but I don't expect it in my life time.
palmharbor is offline   2 Reply With Quote
Old Jul 2, 2013, 03:01 PM   #8
joelvega125
macrumors regular
 
Join Date: Jun 2010
Quote:
Originally Posted by AnonMac50 View Post
Nothing for Snow Leopard? What does it fix exactly?
Did you actually read anything or did you jump straight to comment? Jack wagon...
joelvega125 is offline   5 Reply With Quote
Old Jul 2, 2013, 04:15 PM   #9
dempson
macrumors member
 
Join Date: Jun 2007
Location: Wellington, New Zealand
QuickTime fixes

The details have arrived via Apple's security-announce mailing list.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

APPLE-SA-2013-07-02-1 Security Update 2013-003

Security Update 2013-003 is now available and addresses the
following:

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of H.264
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

QuickTime
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.4
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer underflow existed in the handling of 'mvhd'
atoms. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day
Initiative

Security Update 2013-003 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/

The Software Update utility will present the update that applies
to your system configuration.

For OS X Mountain Lion v10.8.4
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: 5452c463819106ec30e9f365031f65f1b6c538c0

For OS X Lion v10.7.5
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: c94eeaee2e329f75830140598c8973b6a8e1b22d

For OS X Lion Server v10.7.5
The download file is named: SecUpdSrvr2013-003.dmg
Its SHA-1 digest is: 849d5d4fd5c5a46f84d3607a84b6957fe4f10a00

For Mac OS X v10.6.8
The download file is named: SecUpd2013-003.dmg
Its SHA-1 digest is: 59f7be08ba2f3e343539c011793f7e31773f9caa

For Mac OS X Server v10.6.8
The download file is named: SecUpdSrvr2013-003.dmg
Its SHA-1 digest is: 7586022106c870e46139016ddc5e667def454430

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJR0zpyAAoJEPefwLHPlZEwdZ8QAJvykdoFKGOHgn9HzpFJ+tbm
0uXPFrExBTcgpypxiZngJJ7Py46FyFvHR9EkfppJDBVEURDpu3/AJRBCi5GnvpoV
7yGPiy5vnHJzUn+wvKUloKIKQQoEbOqmh4f0lfgMsD5CQyZP4f2uulW3fSXrJNT2
bVUc8VrVuw3QSvjeIsl7ZneLHvCv/yZ8wepWS3bR8vPnyv7jLHtNbryKGL8Qhiwx
MZEMaV1xQzKn82+0J4C5+TXsoqxLGKZMmlHjY3XbueQaV4NyU6hHnWdhjKjQ7aI1
frPRoE5tPuv+uMI51bxHNXT7vTYKVaBO+d2RVLclGRXvWm0l0q8N+liNEGrnYNY/
nD3A6KriFyONILSMOeHQUCh5CHDmuNhArtOMRICcQqBUfbVQ4XbDyKi7+4vv1Eug
r4p8ViN5uM2SvbIfsmZR7VsydvxJZV9uiQmcVQRqu4Yu80jKqyBV0qHZtTnnC0td
gL0vqYY7JuSRB3QDOzWPvRk+x4KdCHNQitdqj+fSq0iqFKb3ovvOn7Ug+UEpq60P
EIiRORMtj/Gh/LmlVJg62Mtoq+dY/g5z1RBPBVfEINbMyTMFStqRtVcWFo2Augo/
ucFFQ671Xn8PoMJ/5PhGNjDCDSBzCyyAY8WGnMWS4uiIXt+rsrtBavc1L7j3LuYD
R0og2PzHJPrZVEzhSZBn
=0jKe
-----END PGP SIGNATURE-----

----------

Quote:
Originally Posted by Luap View Post
Hmm, 20mb for 10.8, and a hefty 347mb for 10.6
That's the normal pattern. When Apple releases a security update it usually incorporates earlier security updates going back to the last minor system version number update (which incorporated all security updates prior to that point), so that people installing the system from scratch only need to apply a single system version update followed by a single security update, instead of multiple security updates.

This means that security updates are generally larger for older major system versions, because they have had a longer time since the last minor version number update, and more security updates have accumulated.

Snow Leopard has been accumulating security updates since 10.6.8 was released in June 2011.

Lion has been accumulating security updates since 10.7.5 was released in September 2012.

Mountain Lion's security update only needs to include this batch of fixes, since all earlier ones are included in 10.8.4, which was released in June 2013.
dempson is offline   7 Reply With Quote
Old Jul 2, 2013, 04:28 PM   #10
iDuel
macrumors 6502a
 
iDuel's Avatar
 
Join Date: Jul 2011
Quote:
Originally Posted by dempson View Post
The details have arrived via Apple's security-announce mailing list.
So according to that, the security fixes were only concerning Quicktime?
__________________
Internet Explorer cannot display this Signature.
iDuel is offline   1 Reply With Quote
Old Jul 2, 2013, 04:34 PM   #11
macs4nw
macrumors 68020
 
macs4nw's Avatar
 
Join Date: Sep 2010
Location: On Safari…..
So glad for this. I won't abandon SL for the desktop, as long as APPLE keeps those security updates cummin'.....
__________________
Due to my aversion to bragging and clichés, no words of wisdom to be found on this line.....
macs4nw is offline   4 Reply With Quote
Old Jul 2, 2013, 04:35 PM   #12
chrfr
macrumors 68020
 
Join Date: Jul 2009
Quote:
Originally Posted by iDuel View Post
So according to that, the security fixes were only concerning Quicktime?
Yes.
chrfr is offline   0 Reply With Quote
Old Jul 2, 2013, 04:38 PM   #13
macnisse
macrumors 6502
 
Join Date: Jun 2010
Thanks apple for keeping SL on track! :-)
macnisse is offline   6 Reply With Quote
Old Jul 2, 2013, 04:58 PM   #14
Cubert
macrumors regular
 
Join Date: Apr 2005
I wonder how much longer Snow Leopard support will continue after Mavericks is released?
Cubert is offline   5 Reply With Quote
Old Jul 2, 2013, 05:49 PM   #15
M5RahuL
macrumors 65816
 
Join Date: Aug 2009
Location: NJ [will always be home ] ... Denver, CO
I kept wondering why it didn't show for me on the App Store.... Then, I realized I was running 10.8.5 and this only patches .4 or earlier!
__________________
15" rMBP 2.3'16' 512 iAir LTE iMini-R LTE
FS Mid '13 MBA i7`8`256 w/AppleCare thru late 2016! ; Mid '13 13" rMBP 2.4' 8'256 ; iP6+ 128GB Unlocked ; Note 3
M5RahuL is offline   0 Reply With Quote
Old Jul 2, 2013, 06:58 PM   #16
bedifferent
macrumors Demi-God
 
bedifferent's Avatar
 
Join Date: Jan 2009
Location: NY
Hey, what about us developers on 10.9?! j/k

----------

Quote:
Originally Posted by iDuel View Post
So according to that, the security fixes were only concerning Quicktime?
Quicktime really needs an overhaul. Quicktime X doesn't support a plethora of codecs that most use, I'm sure they can work out licensing if need be for AC3, AVI, MKV, etc. It's embarrassing as the base media system for OS X when most have to use VLC.
__________________
Any sufficiently advanced technology is indistinguishable from magic.
Arthur C. Clarke
bedifferent is offline   2 Reply With Quote
Old Jul 2, 2013, 10:43 PM   #17
Morod
macrumors 65816
 
Join Date: Jan 2008
Location: On The Nickel, over there....
Thank you, Apple, for keeping this satisfied Snow Leopard user happy and safe!
__________________
Everything should be made as simple as possible, but not simpler.
Albert Einstein
Morod is offline   0 Reply With Quote
Old Jul 2, 2013, 10:52 PM   #18
Nanasaki
macrumors 6502
 
Join Date: Oct 2010
Will this break my Hackintosh setup? Finger crossed...
__________________
MacBook Air 2012, Mac Mini 2011, iPad Mini 1&2, iPad 4, Nexus 4, Nexus 7, Moto G
Nanasaki is offline   0 Reply With Quote
Old Jul 2, 2013, 11:49 PM   #19
Yamcha
macrumors 68000
 
Join Date: Mar 2008
Quote:
Originally Posted by Nanasaki View Post
Will this break my Hackintosh setup? Finger crossed...
Very unlikely, since it's a security update. Sometimes driver updates can disable audio or ethernet - requiring you to re-install the drivers. But If you have a natively supported graphics card & processor you shouldn't have issues.

Also using a Mac OSX supported usb audio, ethernet or wifi card can solve this problem permanently =).
__________________
iMac 27" | Intel Core i5 3.2GHz | 8GB Memory | 1TB Hard Drive | GeForce GTX 675MX 1GB | OSX Mavericks 10.9.1 | Windows 8.1 64-Bit
Yamcha is offline   0 Reply With Quote
Old Jul 3, 2013, 01:15 AM   #20
jqworle
macrumors newbie
 
Join Date: Jun 2013
Location: UK
Not available at the moment as the download page is blank
jqworle is offline   0 Reply With Quote
Old Jul 3, 2013, 05:21 AM   #21
AnonMac50
macrumors 65816
 
Join Date: Mar 2010
Quote:
Originally Posted by Luap View Post
Hmm, 20mb for 10.8, and a hefty 347mb for 10.6




Seriously??
Quote:
Originally Posted by joelvega125 View Post
Did you actually read anything or did you jump straight to comment? Jack wagon...
10.6 wasn't mentioned when I posted. I triple checked the post to make sure.

And the link provided did not say anything about the security content when I posted.
__________________
[Tutorial] Three Finger Drag on Non-supported Multitouch Macs (MAJOR UPDATES!!! (8/7/2013))
Front Row for Lion
Now I know why the maps icon wants you to jump off of a bridge!
AnonMac50 is offline   0 Reply With Quote
Old Jul 3, 2013, 08:16 AM   #22
Nanasaki
macrumors 6502
 
Join Date: Oct 2010
Quote:
Originally Posted by Yamcha View Post
Very unlikely, since it's a security update. Sometimes driver updates can disable audio or ethernet - requiring you to re-install the drivers. But If you have a natively supported graphics card & processor you shouldn't have issues.

Also using a Mac OSX supported usb audio, ethernet or wifi card can solve this problem permanently =).
Yeah... I just did the update, my Hackintosh is still fully functional. I also update my Mac Mmi and MacBook Air, so I do have real Macs... But Hackintosh is always fun to play with
__________________
MacBook Air 2012, Mac Mini 2011, iPad Mini 1&2, iPad 4, Nexus 4, Nexus 7, Moto G
Nanasaki is offline   0 Reply With Quote
Old Jul 3, 2013, 08:32 AM   #23
vmachiel
macrumors 65816
 
Join Date: Feb 2011
Location: Holland
Quote:
Originally Posted by Xaaris View Post
It requires a restart
so.....?
__________________
2010 MBP, 2.4 GHz i5, 8 GB RAM, 240 GB SSD; 32GB Silver iPhone 5S; 32 GB Wifi iPad (3rd gen)
vmachiel is offline   1 Reply With Quote
Old Jul 3, 2013, 04:01 PM   #24
cav23j
macrumors regular
 
Join Date: Oct 2008
Downloaded and Installed this on 10.8.4 through the App Store, now Safari won't work at all, it instantly crashes everytime, I have the error log but now I got to use another browser till this get's fixed
cav23j is offline   0 Reply With Quote
Old Jul 3, 2013, 06:23 PM   #25
Mr. Retrofire
macrumors 601
 
Mr. Retrofire's Avatar
 
Join Date: Mar 2010
Location: www.emiliana.cl
Snow Kitty, i <3 you!
Mr. Retrofire is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > Mac Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Apple Releases OS X Security Update for Mavericks, Mountain Lion, and Lion Users MacRumors Mac Blog Discussion 36 Apr 23, 2014 02:54 PM
Should I Update my OS from Snow Leopard to Mountain Lion? badman89 MacBook Air 41 Jul 30, 2013 05:20 PM
Update from Snow leopard to Mountain Lion? thekiwee OS X 10.8 Mountain Lion 2 Jun 21, 2013 02:44 PM
Apple Releases Security Update 2013-001 for Snow Leopard and Lion MacRumors Mac Blog Discussion 37 Apr 1, 2013 12:38 AM
Update Mac OS Snow Leopard to OS X Mountain Lion cthesky iPhone/iPad Programming 5 Sep 2, 2012 01:34 PM

Forum Jump

All times are GMT -5. The time now is 03:32 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps