This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.

Related CVEs

CVE-2023-42867

Key Information

GHSA ID

GHSA-x99p-qwh9-pfqr

Published

December 20, 2024 6:30 AM

Last Modified

December 27, 2024 9:30 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.