CVE-2024-44142
Published: 30 January 2025
Summary
CVE-2024-44142 is a high-severity an unspecified weakness vulnerability in Apple Garageband. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 22.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2024-44142 is a vulnerability addressed through improved bounds checks in GarageBand. It affects GarageBand versions prior to 10.4.12, where processing a maliciously crafted image may lead to arbitrary code execution.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A local attacker with no privileges can exploit it via low-complexity means that require user interaction, such as convincing a user to process the malicious image in GarageBand, potentially achieving arbitrary code execution with high impacts on confidentiality, integrity, and availability.
Apple's advisory confirms the issue is fixed in GarageBand 10.4.12. Additional details are available in the Apple support page at https://support.apple.com/en-us/121866 and the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Feb/2.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41251
Vulnerability details
The issue was addressed with improved bounds checks. This issue is fixed in GarageBand 10.4.12. Processing a maliciously crafted image may lead to arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary code execution via malicious image file in client application (GarageBand) directly maps to client-side exploitation and user-assisted malicious file execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
SI-2 requires timely identification, reporting, and patching of flaws like the bounds check vulnerability in GarageBand, directly preventing exploitation by applying the fix in version 10.4.12.
SI-10 mandates validation of input content prior to processing, directly addressing the lack of bounds checks that allowed malicious images to trigger arbitrary code execution in GarageBand.
SI-16 enforces memory protections such as address space layout randomization and non-executable memory to prevent arbitrary code execution from bounds check failures during image processing.