PT-2023-28622 · Apple · Garageband

Wojciech Regula

Publicado

2023-12-08

Atualizado

2025-01-06

CVE-2023-42867

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions GarageBand versions prior to 10.4.9

Description This issue was addressed with improved validation of the process entitlement and Team ID. An app may be able to gain root privileges. The problem was solved by better checking the process entitlement and Team ID.

Recommendations For GarageBand versions prior to 10.4.9, update to version 10.4.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive features that may allow an app to gain root privileges until the update is applied.

Correção

Improper Preservation of Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-281

Identificadores relacionados

CVE-2023-42867

Produtos afetados

Garageband

PT-2023-28622 · Apple · Garageband

CVE-2023-42867

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11