Apple Garageband
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Apple Garageband.
Recent Apple Garageband Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 121866 | GarageBand 10.4.12 - Apple Security Content | January 30, 2025 |
| HT214090 | GarageBand 10.4.11 Security Content | March 12, 2024 |
| HT214042 | GarageBand 10.4.9 Security Content | November 6, 2023 |
| HT213650 | GarageBand for macOS 10.4.8 Security Content | March 7, 2023 |
| HT213191 | GarageBand 10.4.6 Security Content | March 14, 2022 |
| HT212299 | GarageBand 10.4.3 Security Content | April 6, 2021 |
| HT207518 | GarageBand 10.1.6 Security Content | February 13, 2017 |
| HT207477 | GarageBand 10.1.5 Security Content | January 18, 2017 |
By the Year
In 2026 there have been 0 vulnerabilities in Apple Garageband. Last year, in 2025 Garageband had 1 security vulnerability published. Right now, Garageband is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 7.80 |
| 2024 | 2 | 7.80 |
| 2023 | 2 | 7.80 |
| 2022 | 2 | 7.80 |
| 2021 | 1 | 5.50 |
It may take a day or so for new Garageband vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Apple Garageband Security Vulnerabilities
GarageBand <10.4.12: Image Bounds Check flaw allows arbitrary code execution
CVE-2024-44142
7.8 - High
- January 30, 2025
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
GarageBand Entitlement Validation Bypass Root Privilege Escalation Vulnerability
CVE-2023-42867
7.8 - High
- December 20, 2024
This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.
Improper Preservation of Permissions
UAF in GarageBand <10.4.11 leads to code exec
CVE-2024-23300
7.8 - High
- March 12, 2024
A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
Dangling pointer
Privilege Escalation via GarageBand Installer (macOS) before 10.4.8
CVE-2023-27960
7.8 - High
- May 08, 2023
This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand.
GarageBand 10.4.8 Malicious MIDI OOB Read (CVE-2023-27938)
CVE-2023-27938
7.8 - High
- May 08, 2023
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution.
Out-of-bounds Read
An out-of-bounds read was addressed with improved bounds checking
CVE-2022-22664
7.8 - High
- March 18, 2022
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Out-of-bounds Read
A memory initialization issue was addressed with improved memory handling
CVE-2022-22657
7.8 - High
- March 18, 2022
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
Improper Initialization
This issue was addressed by removing additional entitlements
CVE-2021-30654
5.5 - Medium
- September 08, 2021
This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Apple Garageband or by Apple? Click the Watch button to subscribe.
