After releasing Security Update 2013-003 for OS X yesterday, Apple took a great deal of time to publish the actual security advisory which details the patched bugs.
Available for OS X 10.6 (Snow Leopard), OS X 10.7 (Lion), and OS X 10.8 (Mountain Lion), Security Update 2013-003 addresses only three issues, all present in the QuickTime player.
According to the KB article discussing the contents of Security Update 2013-003, the actual OS versions targeted by the update are Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.4.
The bugs in question can be exploited by either playing or viewing a maliciously crafted movie file, which would lead to “an unexpected application termination or arbitrary code execution.”
The main cause of all three bugs was a “buffer overflow” in the handling of H.264-encoded movie files, Sorenson-encoded movie files, and ‘mvhd’ atoms.