GarageBand Fixes Use-After-Free Vulnerability to Prevent Malicious Code Execution
CVE-2024-23300
Summary
CVE-2024-23300 is a use-after-free vulnerability in Apple's GarageBand software, fixed in version 10.4.11. Processing a malicious file could lead to unexpected app termination or arbitrary code execution. There are no known exploits in the wild at this time, but users are urged to update to the fixed version to prevent potential exploitation. This is a rare instance of Apple issuing an urgent security update for a single app, highlighting the severity of the vulnerability.
Affected Version(s)
GarageBand < 10.4
News Articles
Apple releases urgent security update for Mac: CVE-2024-23300
News Summary: Apple rarely issues updates for a single security issue, let alone for one that only impacts a single app. So, what do Mac users need to know about CVE-2024-23300? - Forbes (United States)
9 months ago
Timeline
- First article discovered by Forbes
- Vulnerability published
- Vulnerability Reserved