
Shellshock: Apple rolls out OS X patches for Bash bug

“Safe by Default” Macs get patched just in case

Apple has moved to fix the Bash security flaw that affected many of the company's OS X-running computers.

Also known as Shellshock, the bug could allow hackers to take over a victim's computer. The vulnerability involves the execution of malicious code within the Bash command shell, which is used in many Linux- and Unix-based operating systems, such as OS X.

Apple said it has now patched the flaw in its OS X Lion, Mountain Lion and Mavericks software. The company also set up a site for users to download the Bash update.

Following news of the vulnerability, Apple quickly moved to deny there was a problem, saying the vast majority of users shouldn't be affected and that it was working to provide a software update for its advanced Unix users.

"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorised users to remotely gain control of vulnerable systems," Apple said last week.

"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."

However, while the patch fixes two vulnerabilities, security researchers have discovered a third. According to Greg Wiseman of IT security firm Rapid7, another flaw.

"Amidst the flurry of activity and interest around Shellshock over the last week, several additional bash vulnerabilities have come to light. The initial fix for CVE-2014-6271 was incomplete, leading to CVE-2014-7169 being found," said Wiseman.

He claims to have found the extra vulnerability with a tool called bashcheck, which tests an installed version of Bash for vulnerabilities, and to have found it still vulnerable to CVE-2014-7186. It is feared this could result in a denial of service attack preventing a computer from connecting to other networks.
