Apple releases critical security update for branded music application GarageBand. The vulnerability allows attackers to run arbitrary code on Mac. Given that GarageBand comes with the operating system of Apple, the threat is very high.
GarageBand is a popular package for making music and recordings available on macOS and iOS. GarageBand is installed on Mac by default. Vulnerability discovered by experts Cisco Talos manifests itself in improper processing program file format .band in which user data is stored, writes Cnews.
The files are divided into fragments of a certain length, and this length is determined by the user, and it can be used with malicious purposes, up to the execution of arbitrary code on the user’s machine.
To do this, an attacker can simply create a specially prepared file format .band and make it run on the victim’s machine. Technical details of the process are available on the website Talos.
An update has been released, and the GarageBand users who have not yet installed it, you should do it as soon as possible.
Since GarageBand is included in the software shipped with macOS default under the threat of hacking are all Mac users.
At the moment, information about the real exploitation, no Apple, no Talos, no, however publication of information about it may well attract the attention of cyber criminals, so real exploits will not keep you waiting.