Apple says a newly patched hole in its GarageBand music tool could allow for remote code execution on the Mac.
The
GarageBand 10.1.6 update is being pushed out to all Macs running OS X Yosemite and later. Because GarageBand is installed by default on OS X systems, all Mac owners should install the patch, but those who regularly use the music composing software should pay particular attention.
The lone flaw addressed in the update,
CVE-2017-2374, allows an attack to remotely execute simply by running a malformed .band file. Apple uses the .band format for all GarageBand project files.
