Shellshock: Apple rolls out OS X patches for Bash bug
“Safe by Default” Macs get patched just in case
Apple has moved to fix the Bash security flaw that affected many of the company's OS X-running computers.
Also known as Shellshock, the bug could allow hackers to take over a victim's computer. The vulnerability involves the execution of malicilous code within the Bash command shell, which is used in many Linux- and Unix-based operating systems, such as OS X.
Apple said it has now patched the flaw in its OS X Lion, Mountain Lion and Mavericks software. The company also set up a site for users to download the Bash update.
Following news of the vulnerability, Apple quickly moved to deny there was a problem and said the vast majority of users shouldn't be affected by the problem and that it was working to provide a software update for its advanced Unix users.
"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorised users to remotely gain control of vulnerable systems," Apple said last week.
"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."
However, while the patch fixes two vulnerabilities, security researchers have discovered a third. According to Greg Wiseman of IT security firm Rapid7, another flaw.
"Amidst the flurry of activity and interest around Shellshock over the last week, several additional bash vulnerabilities have come to light. The initial fix for CVE-2014-6271 was incomplete, leading to CVE-2014-7169 being found," said Wiseman.
He claims to have found the extra vulnerability with a tool called bashcheck, which tests for vulnerabilities in an installed version of Bash, and that he found it to still be vulnerable to CVE-2014-7186. This could result in a denial of service attack preventing a computer from connecting to other networks, it is feared.
Digital Risk Report 2020
A global view into the impact of digital transformation on risk and security managementDownload now
6 ways your business could suffer if you don’t backup Office 365
Office 365 makes it easy to lose valuable data regularly, unpredictably, unintentionally, and for goodDownload now
Get the best out of your workforce
7 steps to unleashing their true potential with robotic process automationDownload now
8 digital best practices for IT professionals
Don't leave anything to chance when going digitalDownload now