Apple Releases Rare Security Update for One App

It’s not every day that Apple releases a security patch for a specific application. The company typically releases patches as part of a larger update, such as for iOS 17.4 and macOS Sonoma 14.4. However, on Tuesday the company unexpectedly released an update to GarageBand that included a security fix only for the audio program.

On the App Store, Apple says GarageBand 10.4.11 is an update that includes “stability updates and bug fixes.” However, Apple’s security notes indicate that this update targets the GarageBand apps on macOS Sonoma and macOS Ventura and addresses an issue where processing a malicious file could cause the app to terminate or execute arbitrary code.

The problem appears to be related to a use-after-free vulnerability: a bug that occurs when a program frees a block of memory but keeps a pointer to that now-available memory and goes on using it. In this case, attackers can place their own data or code in the freed space, and the program then acts on it through the stale pointer. In short, attackers can take advantage of the vulnerability to run any code they want and essentially take over your machine.
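To make the mechanism concrete, here is an added illustration (not Apple's code and not taken from GarageBand) that models a freed slot being reused while an old reference survives, next to a generation-checked lookup that rejects the stale reference. The pool, `handle_t` and all function names are hypothetical, and the strings are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy pool: fixed slots make reuse after free deterministic,
   and the demo never reads memory it does not own. */
#define SLOTS 4
#define SLOT_SIZE 16
typedef struct { uint32_t index; uint32_t gen; } handle_t; /* hypothetical */

static char     pool[SLOTS][SLOT_SIZE];
static uint32_t slot_gen[SLOTS];   /* bumped on every free */
static int      used[SLOTS];

static handle_t pool_alloc(const char *data) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!used[i]) {
            used[i] = 1;
            strncpy(pool[i], data, SLOT_SIZE - 1);
            pool[i][SLOT_SIZE - 1] = '\0';
            return (handle_t){ i, slot_gen[i] };
        }
    }
    return (handle_t){ SLOTS, 0 };  /* pool exhausted: invalid handle */
}

static void pool_free(handle_t h) {
    if (h.index < SLOTS && used[h.index] && slot_gen[h.index] == h.gen) {
        used[h.index] = 0;
        slot_gen[h.index]++;        /* invalidates every outstanding handle */
    }
}

/* Unchecked lookup: behaves like a raw pointer kept after free. */
static const char *get_unchecked(handle_t h) {
    return h.index < SLOTS ? pool[h.index] : NULL;
}

/* Checked lookup: a stale handle is rejected instead of followed. */
static const char *get_checked(handle_t h) {
    if (h.index >= SLOTS || !used[h.index] || slot_gen[h.index] != h.gen)
        return NULL;
    return pool[h.index];
}

int main(void) {
    handle_t track = pool_alloc("audio-track");
    pool_free(track);               /* slot released, handle kept around */
    pool_alloc("file-bytes");       /* reuses the same slot */
    printf("unchecked: %s\n", get_unchecked(track));
    printf("checked:   %s\n", get_checked(track) ? "valid" : "rejected");
    return 0;
}
```

The unchecked lookup returns whatever now occupies the slot, which is the condition the paragraph above describes; the checked lookup fails closed.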

Typically at this point I would recommend that you update GarageBand as soon as possible. Since this flaw seems to specifically affect the macOS version of GarageBand, I’d point you to the Updates tab in the Mac App Store. However, when I went there, I didn’t actually find an update waiting for me. I did find it when searching for GarageBand in the App Store, though it didn’t appear right away: if you can’t find the update in the Updates menu or in the App Store, keep trying.

This does not appear to be a zero-day vulnerability, so in theory there should be no known exploits for it. However, for safety reasons, you should update GarageBand before continuing to use it. For now, this issue does not seem to affect the iOS version of GarageBand, which is currently at version 2.3.15. However, if both apps have the same vulnerability in their code, expect an iOS update soon.
