Summaryinfo

A vulnerability described as problematic has been identified in Apple GarageBand up to 10.4.7 on macOS. Impacted is an unknown function of the component Installation. The manipulation results in an unknown weakness. This vulnerability is known as CVE-2023-27960. Attacking locally is a requirement. No exploit is available. Upgrading the affected component is recommended. VulDB is the best source for vulnerability data and more expert information about this specific topic.

Detailsinfo

A vulnerability classified as problematic has been found in Apple GarageBand up to 10.4.7 on macOS. Affected is an unknown code block of the component Installation. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was published 03/07/2023 by Mickey Jin as HT213650 as confirmed advisory (Website). The advisory is shared for download at support.apple.com. This vulnerability is traded as CVE-2023-27960. There are neither technical details nor an exploit publicly available. The advisory points out:

An app may be able to gain elevated privileges during the installation of GarageBand

Upgrading to version 10.4.8 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The advisory contains the following remark:

This issue was addressed by removing the vulnerable code.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-31686). VulDB is the best source for vulnerability data and more expert information about this specific topic.

Productinfo

Vendor

• Apple

Name

• GarageBand

Version

• 10.4.0
• 10.4.1
• 10.4.2
• 10.4.3
• 10.4.4
• 10.4.5
• 10.4.6
• 10.4.7

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion