According to details published by Apple, the security update fixes a variety of flaws in which the Mac OS X operating system handles movie files.
In a nutshell, a hacker could boobytrap a movie file in such a way that just viewing it could cause “unexpected application termination” or (gulp!) “arbitrary code execution”. That last one, basically means that if you open a maliciously crafted movie file on your Mac computer you could infect it with a Trojan horse or virus.
The vulnerabilities were disclosed to Apple via HP’s Zero Day Initiative, a program which pays security researchers cash for disclosing details of vulnerabilities. The hope has to be, of course, that malicious hackers have not also uncovered the vulnerabilities as they could be a profitable way to spread a malware attack and compromise Mac computers.
Apple says that it has fixed the problems, which all relate to buffer overflows or underflows, by improving QuickTime’s handling of bounds exceptions. But you’re only protected against the vulnerabilities if you apply the patch. My recommendation would be to do so as soon as possible, rather than risk your chances.
If you don’t want to wait for your Mac to prompt you that there are new security patches available, you can download Security Update 2013-003 directly from Apple’s website.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.