Arbitrary Code Execution Vulnerability in GarageBand by Apple
CVE-2024-44142

7.8HIGH

Key Information:

Vendor: Apple
Status: Garageband
Vendor: CVE Published:; 30 January 2025

Summary

A security vulnerability in GarageBand affects versions prior to 10.4.12 and results from inadequate bounds checks when processing specially crafted images. This flaw can lead to arbitrary code execution, creating a potential risk for users. The issue has been addressed in the latest update, making it crucial for users to upgrade to GarageBand 10.4.12 or later to mitigate risks.

Affected Version(s)

GarageBand < 10.4

References

https://support.apple.com/en-us/121866

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Aug 20, 2024