GarageBand for Mac 10.4.8 updated with security fixes for two vulnerabilities

GarageBand for Mac 10.4.8 fixes two vulnerabilities that could allow an app to leak sensitive user information and gain elevated privileges.

UPDATE: The article was updated with details about the fixes in GarageBand 10.4.8.

Band of musicians performing a sound check
GarageBand is Apple’s free music creation app | Image: Hans Vivek/Unsplash
  • What’s happening? Apple has released GarageBand for macOS 10.4.8, fixing two security flaws. The company advises that all users install this update.
  • Why care?┬áThe vulnerabilities could allow an app to leak sensitive user information and gain elevated privileges during the installation of GarageBand.
  • What to do? Download the update from the App Store.

GarageBand 10.4.8. fixes two vulnerabilities

According to the official release notes on Apple’s website, GarageBand for macOS v10.4.8 “provides important security fixes and is recommended for all users” of the software. Additioanl information is available in another support document describing the security content of GarageBand for macOS 10.4.8.

The update fixes an issue that could allow an app to gain elevated privileges during the installation of GarageBand. Apple has patched this bug by removing the vulnerable code. Another issue that GarageBand 10.4.8 addresses could enable an app to leak sensitive user information. “A possible out-of-bounds when importing MIDI files was addressed with improved input validation,” Apple notes.

GarageBand is Apple’s free software for iOS, iPadOS and macOS for music creation. The Mac version is compatible with all Macs running macOS Monterey 12.3 or later.

How to download GarageBand for macOS 10.4.8

The automatic updates feature will install the latest GarageBand update, but that may take days or even weeks. Instead of waiting, manually update the app by opening the GarageBand page on the App Store and clicking the Update button.

Doing so will immediately download and install the app’s most recent version.

Why Apple doesn’t immediately disclose fixes?

Apple not immediately providing specifics about the contents of a bug-fix update usually means the company has addressed a zero-day vulnerability that might have been exploited in the wild but doesn’t yet want the world to know about it.

“For the protection of our customers, Apple doesn’t disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available,” reads a support document detailing Apple’s security updates.

GarageBand tutorials you might like