Apple Patches Garageband Flaw To Prevent Malicious Code Execution On Mac

Apple has plugged a security hole in its music creation software Garageband in order to prevent malicious code from being executed on Macs by exploiting the vulnerability.

The flaw, CVE-2017-2374 had been discovered by Cisco’s Talos security team along with anther hole that Apple patched with an earlier update to Garagband.

Garageband flaw

“This particular vulnerability is the result of the way the application parses the proprietary file format used for GarageBand files, .band. The format is broken into chunks with a specific length field for each. This length is controlled by the user and can be leveraged to expose an exploitable condition. This vulnerability could be exploited by a user opening a specially crafted .band file,” Tyler Bohan of Cisco Talos explained.

The popularity of Garageband amongst a wide range of hobbyist and semi-professional music makers, means the vulnerability could have affected a huge amount of people. But neither Apple nor Cisco Talos reported any exploitation of either security hold in the wild.

Apple is pushing out the Garageband 10.1.6 update to all Mac users running Mac OS X Yosemite or later version of the operating system, so regular users of Garageband can rest easy providing they ensure that the update has been installed on their Macs.

Mac machines appear to be coming under a fair bit of cyber security fire of late, with the Xagent malware, supposedly created by Russian hacker group APT28, having made the jump from Windows, iOS, Android and Linux to Mac OS X.

Moke Malware has also recently made the jump from Windows and Linux to threaten Mac OS X, giving Apple more security woes to work at defending against.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

21 hours ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

22 hours ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

2 days ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

2 days ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

2 days ago