You are here

V-191: Apple Mac OS X Multiple Vulnerabilities

July 3, 2013 - 6:00am

Addthis

PROBLEM:

Apple has issued a security update for Mac OS X

PLATFORM:

Apple Macintosh OS X

ABSTRACT:

The vulnerabilities are caused due to a bundled version of QuickTime

REFERENCE LINKS:

Secunia Advisory SA54049
APPLE-SA-2013-07-02-1 Security Update 2013-003
CVE-2013-1018
CVE-2013-1019
CVE-2013-1022

IMPACT ASSESSMENT:

High

DISCUSSION:

A boundary error when parsing compressed data within H.264 encoded movie files can be exploited to cause a buffer overflow

A boundary error when handling the Sorenson Video 3 "mdat" section within a MOV file can be exploited to cause a buffer overflow

A boundary error when handling "mvhd" atoms can be exploited to cause a heap-based buffer underflow

IMPACT:

Successful exploitation of the vulnerabilities may allow execution of arbitrary code

SOLUTION:

Security Update 2013-003 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site

Addthis