Apple Patches Garageband Flaw To Prevent Malicious Code Execution On Mac

Apple has plugged a security hole in its music creation software Garageband in order to prevent malicious code from being executed on Macs by exploiting the vulnerability.

The flaw, CVE-2017-2374, had been discovered by Cisco’s Talos security team along with another hole that Apple patched with an earlier update to Garageband.

Garageband flaw

“This particular vulnerability is the result of the way the application parses the proprietary file format used for GarageBand files, .band. The format is broken into chunks with a specific length field for each. This length is controlled by the user and can be leveraged to expose an exploitable condition. This vulnerability could be exploited by a user opening a specially crafted .band file,” Tyler Bohan of Cisco Talos explained.
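The bug class described in the quote, a file-supplied chunk length that the parser trusts, is countered by checking every length against both the bytes remaining in the file and the destination buffer. The following is an added example, not code from Apple, Cisco Talos or the article. The real .band layout is not described here, so the chunk layout (4-byte tag, 4-byte big-endian length, payload), the names and the sample bytes are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (assumed, not the real .band format):
 * 4-byte tag | 4-byte big-endian payload length | payload bytes */
#define HDR_LEN 8u
#define MAX_PAYLOAD 4u /* capacity of the fixed buffer payloads are copied into */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walks every chunk; returns the chunk count, or -1 as soon as a length
 * field disagrees with the bytes actually present or the buffer capacity. */
int parse_chunks(const uint8_t *buf, size_t len) {
    uint8_t payload[MAX_PAYLOAD];
    size_t off = 0;
    int count = 0;
    while (off < len) {
        if (len - off < HDR_LEN) return -1;   /* truncated header */
        uint32_t clen = be32(buf + off + 4);  /* value taken from the file */
        off += HDR_LEN;
        /* Compare against the remaining bytes instead of computing
         * off + clen, which can wrap on a 32-bit size_t. */
        if (clen > len - off) return -1;      /* claims more than the file holds */
        if (clen > sizeof payload) return -1; /* would overflow the destination */
        memcpy(payload, buf + off, clen);
        off += clen;
        count++;
    }
    return count;
}

/* Constructed sample inputs */
static const uint8_t good_file[] = { 'T','R','A','K', 0,0,0,2, 0xAA,0xBB,
                                     'E','N','D','!', 0,0,0,0 };
static const uint8_t huge_len[]  = { 'T','R','A','K', 0xFF,0xFF,0xFF,0xF0, 0xAA,0xBB };
static const uint8_t too_big[]   = { 'D','A','T','A', 0,0,0,5, 1,2,3,4,5 };

int main(void) {
    printf("good: %d\n", parse_chunks(good_file, sizeof good_file));
    printf("huge: %d\n", parse_chunks(huge_len, sizeof huge_len));
    printf("big:  %d\n", parse_chunks(too_big, sizeof too_big));
    return 0;
}
```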

The popularity of Garageband amongst a wide range of hobbyist and semi-professional music makers means the vulnerability could have affected a huge number of people. But neither Apple nor Cisco Talos reported any exploitation of either security hole in the wild.

Apple is pushing out the Garageband 10.1.6 update to all Mac users running Mac OS X Yosemite or a later version of the operating system, so regular users of Garageband can rest easy provided they ensure that the update has been installed on their Macs.

Mac machines appear to be coming under a fair bit of cyber security fire of late, with the Xagent malware, supposedly created by Russian hacker group APT28, having made the jump from Windows, iOS, Android and Linux to Mac OS X.

Moke Malware has also recently made the jump from Windows and Linux to threaten Mac OS X, giving Apple more security woes to defend against.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.