Rewterz Threat Advisory – CVE-2023-26464 – Apache Log4j Vulnerability
March 12, 2023Rewterz Threat Advisory – Multiple Solarwinds Products Vulnerabilities
March 13, 2023Rewterz Threat Advisory – CVE-2023-26464 – Apache Log4j Vulnerability
March 12, 2023Rewterz Threat Advisory – Multiple Solarwinds Products Vulnerabilities
March 13, 2023Severity
High
Analysis Summary
CVE-2023-27938 CVSS:6.2
Apple GarageBand could allow a local attacker to obtain sensitive information, caused by an out-of-bounds when importing MIDI files. By using a specially crafted application, an attacker could exploit this vulnerability to leak sensitive user information.
CVE-2023-27960 CVSS:8.4
Apple GarageBand could allow a local attacker to gain elevated privileges on the system during the installation process. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.
Impact
- Privilege Escalation
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-27938
- CVE-2023-27960
Affected Vendors
Apple
Affected Products
- Apple GarageBand 10.4.7
Remediation
Refer to Apple Security Document for patch, upgrade or suggested workaround information.