It is not each day Apple releases a safety patch for a particular app. Normally, the corporate releases patches as half of a giant replace, reminiscent of with iOS 17.4 and macOS Sonoma 14.4. Nevertheless, the corporate unexpectedly dropped an replace for GarageBand Tuesday, which included a safety patch for the audio program alone.
On the App Retailer, Apple says GarageBand 10.4.11 is an replace that features “stability updates and bug fixes.” Nevertheless, in keeping with Apple’s safety notes, the corporate specifies this replace is for GarageBand apps on macOS Sonoma and macOS Ventura, and addresses a difficulty the place processing a malicious file might result in app termination or arbitrary code execution.
It seems that the problem stems from a use-after-free vulnerability: It is a flaw brought about when the reminiscence administration system clears information from reminiscence, however does not clear the pointer that results in that obtainable reminiscence. On this case, malicious customers might substitute their very own code on this obtainable area. Briefly, dangerous actors might exploit the vulnerability to run no matter code they needed to, and successfully take over your machine.
Usually, that is the half the place I would suggest you replace GarageBand at your earliest comfort. Since this flaw particularly appears to have an effect on macOS’ model of GarageBand, I would level you to the Mac App Retailer’s Updates tab. Nevertheless, once I go right here, I do not really discover the replace ready for me. I do discover it, nonetheless, when looking GarageBand within the App Retailer. It did not present up instantly, although: If you cannot discover the replace within the Updates menu or the App Retailer, maintain attempting.
It does not look like this vulnerability is a zero-day, so, in idea, there ought to be no identified exploits for it. Nevertheless, to be secure, you must replace GarageBand earlier than persevering with to make use of it. Right now, it appears this situation does not have an effect on the iOS model of GarageBand, which is at present model 2.3.15. Nevertheless, if each apps have the identical vulnerability of their code, anticipate an iOS replace imminently.
