Skip Ribbon Commands
Skip to main content
Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-33


Apple GarageBand File Project File Processing Flaw Lets Remote Users Execute Arbitrary Code
Severity Rating: Medium
Systems Affected:
  • Apple GarageBand versions prior to 10.1.6
Description
A vulnerability has been identified in Apple GarageBand and can be exploited by remote attackers to cause execution of arbitrary code on the affected system.  The vulnerability can allow remote attackers to create a specially crafted GarageBand Project file that when loaded by the user will trigger a memory corruption error and cause execution of arbitrary code on the affected system. The code will run with the privileges of the user.
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
Vendor Information
Apple
 
CVE Information
 
References
Security Tracker
 
Apple Security
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis