CVE-2023-42867Improper Preservation of Permissions in Apple Garageband

CWE-281Improper Preservation of Permissions3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 80.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Garageband
Timeline
PublishedDec 20

Description

This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/garagebandunspecified10.4.9
NVDapple/garageband< 10.4.9

🔴Vulnerability Details

2
GHSA
GHSA-x99p-qwh9-pfqr: This issue was addressed with improved validation of the process entitlement and Team ID2024-12-20
CVEList
CVE-2023-42867: This issue was addressed with improved validation of the process entitlement and Team ID2024-12-20
CVE-2023-42867 — Improper Preservation of Permissions | cvebase