macOS gets patch for critical flaw in music app
14 Feb 2017 at 22:29, Shaun Nichols
Apple says a newly patched hole in its GarageBand music tool could allow for remote code execution on the Mac.
The GarageBand 10.1.6 update is being pushed out to all Macs running OS X Yosemite and later. Because GarageBand is installed by default on OS X systems, all Mac owners should install the patch, but those who regularly use the music composing software should pay particular attention.
The lone flaw addressed in the update, CVE-2017-2374, allows an attack to remotely execute simply by running a malformed .band file. Apple uses the .band format for all GarageBand project files.
Full Article