Apple patches Bash vulnerability

29. September 2014 Security 3

Since late last week the internet has been buzzing about something named Shellshock. The Bash shell is something most users will never know or hear about, it runs under the hood of OS X and other major operating systems and is critical for a lot of tasks. The flaw that was discovered last week allows an attacker to basically take over your machine if certain conditions are met and was already being exploited online shortly after it’s discovery.

Apple stated that most Mac users were safe from Shellshock as remote services like web sharing are disabled by default. OS X Server users were not mentioned but I consider them to be at far more risk as it is much easier to set up and enable a web server or other remote services. However this bug was serious enough to get Apple’s immediate attention and today they released a software patch “OS X bash Update 1.0”. Strangely this update can not be found through the normal software update process but has to be downloaded from Apple’s website.

The patch was released for the last three operating systems and can be found here:
OS X 10.7 Lion
OS X 10.8 Mountain Lion
OS X 10.9 Mavericks
No restart is required to install this security patch but you do need to have the latest version of your OS installed. If the patch refuses to install, run Software Updates first.

All Mac users running any of those OS X versions should download and install immediately.
The fact that this update is not available through the Software Update menu or App Store is a concern. This means that a lot of OS X user may never install the update. Hopefully this will be corrected.


3 thoughts on “Apple patches Bash vulnerability”

  • 1
    René on September 30, 2014 Reply

    Thanks a lot!

  • 2
    Steve's ugly child on October 2, 2014 Reply

    And we 10.6 users are vulnerable…

    • 3
      Jay on October 3, 2014 Reply

      Yeah, if your hardware supports it, definitely worth upgrading to a newer OS. Adding some RAM to older machines is usually enough. I was/am a fan of 10.6 myself but security wise there just aren’t any benefits to sticking with an OS that old.

Leave a Reply

Your email address will not be published. Required fields are marked *

*