Shellshock: Apple rolls out OS X patches for Bash bug

“Safe by Default” Macs get patched just in case

Apple has moved to fix the Bash security flaw that affected many of the company's OS X-running computers.

Also known as Shellshock, the bug could allow hackers to take over a victim's computer. The vulnerability involves the execution of malicious code within the Bash command shell, which is used in many Linux- and Unix-based operating systems, such as OS X.

Apple said it has now patched the flaw in its OS X Lion, Mountain Lion and Mavericks software. The company also set up a site for users to download the Bash update.

Following news of the vulnerability, Apple quickly moved to deny there was a problem, saying the vast majority of users shouldn't be affected and that it was working to provide a software update for its advanced Unix users.

"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorised users to remotely gain control of vulnerable systems," Apple said last week.

"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."

However, while the patch fixes two vulnerabilities, security researchers have discovered a third. According to Greg Wiseman of IT security firm Rapid7, another flaw.

"Amidst the flurry of activity and interest around Shellshock over the last week, several additional bash vulnerabilities have come to light. The initial fix for CVE-2014-6271 was incomplete, leading to CVE-2014-7169 being found," said Wiseman.

He claims to have found the extra vulnerability using a tool called bashcheck, which tests an installed version of Bash for vulnerabilities, and to have found it still vulnerable to CVE-2014-7186. It is feared that this could result in a denial of service attack preventing a computer from connecting to other networks.
