Boobytrapped movie files could infect your Mac – patch now!

Mountain LionApple has issued a critical security update for users of Mac OS X 10.6.8 (Snow Leopard), 10.7.5 (Lion) and 10.8.4 (Mountain Lion) that users should install as quickly as possible.

According to details published by Apple, the security update fixes a variety of flaws in which the Mac OS X operating system handles movie files.

In a nutshell, a hacker could boobytrap a movie file in such a way that just viewing it could cause “unexpected application termination” or (gulp!) “arbitrary code execution”. That last one, basically means that if you open a maliciously crafted movie file on your Mac computer you could infect it with a Trojan horse or virus.

The vulnerabilities were disclosed to Apple via HP’s Zero Day Initiative, a program which pays security researchers cash for disclosing details of vulnerabilities. The hope has to be, of course, that malicious hackers have not also uncovered the vulnerabilities as they could be a profitable way to spread a malware attack and compromise Mac computers.

Sign up to our free newsletter.
Security news, advice, and tips.

Mac OS X Security Update

Apple says that it has fixed the problems, which all relate to buffer overflows or underflows, by improving QuickTime’s handling of bounds exceptions. But you’re only protected against the vulnerabilities if you apply the patch. My recommendation would be to do so as soon as possible, rather than risk your chances.

If you don’t want to wait for your Mac to prompt you that there are new security patches available, you can download Security Update 2013-003 directly from Apple’s website.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.