Apple Releases Security Update 2013-003 for OS X Snow Leopard, Lion and Mountain Lion

Discussion in 'Mac Blog Discussion' started by MacRumors, Jul 2, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Apple has released a security update for OS X Snow Leopard, Lion and Mountain Lion, Security Update 2013-003 for Snow Leopard, Lion and Mountain Lion. Apple's security update Knowledge Base article has not been updated with details about the release, but changes should appear soon.

    [​IMG]
    The update is available through the Mac App Store and Apple's software download website for Snow Leopard, Lion and Mountain Lion.

    Article Link: Apple Releases Security Update 2013-003 for OS X Snow Leopard, Lion and Mountain Lion
     
  2. macrumors 65816

    Joined:
    Mar 24, 2010
    #2
    Nothing for Snow Leopard? What does it fix exactly?
     
  3. macrumors 6502a

    Joined:
    Jul 13, 2008
    #3
    PRISM fix - nice! Waiting for Snowden Lion now.
     
  4. macrumors 603

    Michaelgtrusa

    Joined:
    Oct 13, 2008
    Location:
    Everywhere And Nowhere
    #4
    Time for this update. Good news.
     
  5. macrumors 65816

    Luap

    Joined:
    Jul 5, 2004
    #5
    Hmm, 20mb for 10.8, and a hefty 347mb for 10.6


    Seriously?? :rolleyes:
     
  6. macrumors newbie

    Xaaris

    Joined:
    Dec 15, 2011
    #6
    It requires a restart
     
  7. macrumors 6502

    Joined:
    Jul 31, 2007
    #7
    What?

    Some day I would like to read:

    Updates for applemail. copy paste, address book and calendar

    but I don't expect it in my life time.
     
  8. macrumors regular

    Joined:
    Jun 15, 2010
    #8
    Did you actually read anything or did you jump straight to comment? Jack wagon...
     
  9. macrumors member

    Joined:
    Jun 10, 2007
    Location:
    Wellington, New Zealand
    #9
    QuickTime fixes

    The details have arrived via Apple's security-announce mailing list.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    APPLE-SA-2013-07-02-1 Security Update 2013-003

    Security Update 2013-003 is now available and addresses the
    following:

    QuickTime
    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
    OS X Lion v10.7.5, OS X Lion Server v10.7.5,
    OS X Mountain Lion v10.8.4
    Impact: Playing a maliciously crafted movie file may lead to an
    unexpected application termination or arbitrary code execution
    Description: A buffer overflow existed in the handling of Sorenson
    encoded movie files. This issue was addressed through improved bounds
    checking.
    CVE-ID
    CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
    working with HP's Zero Day Initiative

    QuickTime
    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
    OS X Lion v10.7.5, OS X Lion Server v10.7.5,
    OS X Mountain Lion v10.8.4
    Impact: Playing a maliciously crafted movie file may lead to an
    unexpected application termination or arbitrary code execution
    Description: A buffer overflow existed in the handling of H.264
    encoded movie files. This issue was addressed through improved bounds
    checking.
    CVE-ID
    CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

    QuickTime
    Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8,
    OS X Lion v10.7.5, OS X Lion Server v10.7.5,
    OS X Mountain Lion v10.8.4
    Impact: Viewing a maliciously crafted movie file may lead to an
    unexpected application termination or arbitrary code execution
    Description: A buffer underflow existed in the handling of 'mvhd'
    atoms. This issue was addressed through improved bounds checking.
    CVE-ID
    CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day
    Initiative

    Security Update 2013-003 may be obtained from the Software Update
    pane in System Preferences, or Apple's Software Downloads web site:
    http://www.apple.com/support/downloads/

    The Software Update utility will present the update that applies
    to your system configuration.

    For OS X Mountain Lion v10.8.4
    The download file is named: SecUpd2013-003.dmg
    Its SHA-1 digest is: 5452c463819106ec30e9f365031f65f1b6c538c0

    For OS X Lion v10.7.5
    The download file is named: SecUpd2013-003.dmg
    Its SHA-1 digest is: c94eeaee2e329f75830140598c8973b6a8e1b22d

    For OS X Lion Server v10.7.5
    The download file is named: SecUpdSrvr2013-003.dmg
    Its SHA-1 digest is: 849d5d4fd5c5a46f84d3607a84b6957fe4f10a00

    For Mac OS X v10.6.8
    The download file is named: SecUpd2013-003.dmg
    Its SHA-1 digest is: 59f7be08ba2f3e343539c011793f7e31773f9caa

    For Mac OS X Server v10.6.8
    The download file is named: SecUpdSrvr2013-003.dmg
    Its SHA-1 digest is: 7586022106c870e46139016ddc5e667def454430

    Information will also be posted to the Apple Security Updates
    web site: http://support.apple.com/kb/HT1222

    This message is signed with Apple's Product Security PGP key,
    and details are available at:
    https://www.apple.com/support/security/pgp/

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
    Comment: GPGTools - http://gpgtools.org

    iQIcBAEBAgAGBQJR0zpyAAoJEPefwLHPlZEwdZ8QAJvykdoFKGOHgn9HzpFJ+tbm
    0uXPFrExBTcgpypxiZngJJ7Py46FyFvHR9EkfppJDBVEURDpu3/AJRBCi5GnvpoV
    7yGPiy5vnHJzUn+wvKUloKIKQQoEbOqmh4f0lfgMsD5CQyZP4f2uulW3fSXrJNT2
    bVUc8VrVuw3QSvjeIsl7ZneLHvCv/yZ8wepWS3bR8vPnyv7jLHtNbryKGL8Qhiwx
    MZEMaV1xQzKn82+0J4C5+TXsoqxLGKZMmlHjY3XbueQaV4NyU6hHnWdhjKjQ7aI1
    frPRoE5tPuv+uMI51bxHNXT7vTYKVaBO+d2RVLclGRXvWm0l0q8N+liNEGrnYNY/
    nD3A6KriFyONILSMOeHQUCh5CHDmuNhArtOMRICcQqBUfbVQ4XbDyKi7+4vv1Eug
    r4p8ViN5uM2SvbIfsmZR7VsydvxJZV9uiQmcVQRqu4Yu80jKqyBV0qHZtTnnC0td
    gL0vqYY7JuSRB3QDOzWPvRk+x4KdCHNQitdqj+fSq0iqFKb3ovvOn7Ug+UEpq60P
    EIiRORMtj/Gh/LmlVJg62Mtoq+dY/g5z1RBPBVfEINbMyTMFStqRtVcWFo2Augo/
    ucFFQ671Xn8PoMJ/5PhGNjDCDSBzCyyAY8WGnMWS4uiIXt+rsrtBavc1L7j3LuYD
    R0og2PzHJPrZVEzhSZBn
    =0jKe
    -----END PGP SIGNATURE-----

    ----------

    That's the normal pattern. When Apple releases a security update it usually incorporates earlier security updates going back to the last minor system version number update (which incorporated all security updates prior to that point), so that people installing the system from scratch only need to apply a single system version update followed by a single security update, instead of multiple security updates.

    This means that security updates are generally larger for older major system versions, because they have had a longer time since the last minor version number update, and more security updates have accumulated.

    Snow Leopard has been accumulating security updates since 10.6.8 was released in June 2011.

    Lion has been accumulating security updates since 10.7.5 was released in September 2012.

    Mountain Lion's security update only needs to include this batch of fixes, since all earlier ones are included in 10.8.4, which was released in June 2013.
     
  10. macrumors 6502a

    iDuel

    Joined:
    Jul 20, 2011
    Location:
    Greece/USA
    #10
    So according to that, the security fixes were only concerning Quicktime?
     
  11. macrumors 68030

    macs4nw

    #11
    So glad for this. I won't abandon SL for the desktop, as long as APPLE keeps those security updates cummin'.....:)
     
  12. macrumors 68040

    Joined:
    Jul 11, 2009
    #12
    Yes.
     
  13. macrumors 6502

    Joined:
    Jun 26, 2010
    #13
    Thanks apple for keeping SL on track! :)
     
  14. macrumors regular

    Cubert

    Joined:
    Apr 30, 2005
    #14
    I wonder how much longer Snow Leopard support will continue after Mavericks is released?
     
  15. macrumors 68000

    M5RahuL

    Joined:
    Aug 1, 2009
    Location:
    Colorado
    #15
    I kept wondering why it didn't show for me on the App Store.... Then, I realized I was running 10.8.5 :p and this only patches .4 or earlier!
     
  16. macrumors 603

    bedifferent

    Joined:
    Jan 8, 2009
    Location:
    NY
    #16
    Hey, what about us developers on 10.9?! :p j/k

    ----------

    Quicktime really needs an overhaul. Quicktime X doesn't support a plethora of codecs that most use, I'm sure they can work out licensing if need be for AC3, AVI, MKV, etc. It's embarrassing as the base media system for OS X when most have to use VLC.
     
  17. macrumors 65816

    Morod

    Joined:
    Jan 1, 2008
    Location:
    On The Nickel, over there....
    #17
    Thank you, Apple, for keeping this satisfied Snow Leopard user happy and safe!
     
  18. macrumors 6502

    Nanasaki

    Joined:
    Oct 26, 2010
    #18
    Will this break my Hackintosh setup? Finger crossed...
     
  19. macrumors 68000

    Joined:
    Mar 6, 2008
    #19
    Very unlikely, since it's a security update. Sometimes driver updates can disable audio or ethernet - requiring you to re-install the drivers. But If you have a natively supported graphics card & processor you shouldn't have issues.

    Also using a Mac OSX supported usb audio, ethernet or wifi card can solve this problem permanently =).
     
  20. macrumors newbie

    Joined:
    Jun 26, 2013
    Location:
    UK
    #20
    Not available at the moment as the download page is blank
     
  21. macrumors 65816

    Joined:
    Mar 24, 2010
    #21
    10.6 wasn't mentioned when I posted. I triple checked the post to make sure.

    And the link provided did not say anything about the security content when I posted.
     
  22. macrumors 6502

    Nanasaki

    Joined:
    Oct 26, 2010
    #22
    Yeah... I just did the update, my Hackintosh is still fully functional. I also update my Mac Mmi and MacBook Air, so I do have real Macs... But Hackintosh is always fun to play with
     
  23. macrumors 65816

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #23
    so.....?
     
  24. macrumors regular

    Joined:
    Oct 11, 2008
    #24
    Downloaded and Installed this on 10.8.4 through the App Store, now Safari won't work at all, it instantly crashes everytime, I have the error log but now I got to use another browser till this get's fixed
     
  25. macrumors 601

    Mr. Retrofire

    Joined:
    Mar 2, 2010
    Location:
    www.emiliana.cl
    #25
    Snow Kitty, i <3 you! :D
     

Share This Page