CVE-2023-42867

CVE Database · CVE-2023-42867

CVE-2023-42867

· HIGHModified

CVSS v3.1

7.8

EPSS

0.21%

Published

Dec 20, 2024

Modified

Nov 4, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-281

Affected Products (1)

apple · garageband (up to 10.4.9)vulnerable

References (2)

https://support.apple.com/en-us/120299

Vendor Advisory

https://support.apple.com/kb/HT214042

KEV Catalog EPSS Scores Vendors All CVEs