Apple GarageBand File Project File Processing Flaw Lets Remote Users Execute Arbitrary Code
Severity Rating: Medium
- Apple GarageBand versions prior to 10.1.6
A vulnerability has been identified in Apple GarageBand and can be exploited by remote attackers to cause execution of arbitrary code on the affected system. The vulnerability can allow remote attackers to create a specially crafted GarageBand Project file that when loaded by the user will trigger a memory corruption error and cause execution of arbitrary code on the affected system. The code will run with the privileges of the user.
Users are advised to apply updates.
More information about the update is available on:
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street