PT-2023-28622 · Apple · Garageband
Wojciech Regula
·
Published
2023-12-08
·
Updated
2025-01-06
·
CVE-2023-42867
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GarageBand versions prior to 10.4.9
Description
This issue was addressed with improved validation of the process entitlement and Team ID. An app may be able to gain root privileges. The problem was solved by better checking the process entitlement and Team ID.
Recommendations
For GarageBand versions prior to 10.4.9, update to version 10.4.9 to resolve the issue. As a temporary workaround, consider restricting access to sensitive features that may allow an app to gain root privileges until the update is applied.
Fix
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Garageband