GarageBand is a digital audio workstation developed by Apple Inc. for macOS and iOS devices. It allows users to create music or podcasts with an intuitive interface featuring a wide range of musical instruments and audio processing tools. The software is commonly used by amateur musicians and podcast creators.

GarageBand

Logic Pro X is a professional digital audio workstation (DAW) for macOS devices. It offers advanced music production tools, such as virtual instruments, audio recording, editing, mixing, and mastering capabilities.

Logic Pro X

An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2024-44142	HIGH	7.8	GarageBand	GarageBand	No	Yes	Jan 30, 2025
CVE-2023-42867	HIGH	7.8	GarageBand	GarageBand	No	Yes	Dec 20, 2024
CVE-2024-23300	HIGH	7.8	GarageBand	GarageBand	No	Yes	Mar 12, 2024
CVE-2022-22664	HIGH	7.8	macOS	GarageBand MIDI	No	Yes	Mar 18, 2022
CVE-2022-22657	HIGH	7.8	macOS	GarageBand MIDI	No	Yes	Mar 18, 2022

CVE-2017-2374:
GarageBand vulnerability analysis and mitigation

7.8

Related GarageBand vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2017-2374: GarageBand vulnerability analysis and mitigation