GarageBand 10.1.6 is released today, fixing an arbitrary code execution bug in Yosemite 10.10 and later (CVE-2017-2374)
There’s also second patch for Logic Pro X 10.3.1. Unfortunately, it’s got the text for the Garageband patch in it’s notes, so it’s not clear what is fixed in this update.
As always, all Apple security patches are hosted here: https://support.apple.com/kb/HT201222
Source: SANS Internet Storm Center, InfoCON: green @ February 21, 2017 at 04:57PM