October 1, 2014
Last week we reported that a bug called “Shellshock” had been identified as a potentially dangerous security flaw in the Bash software that appears in more than 70 percent of devices connected to the Internet. While initial reports have suggested that Linux and OS X systems are anticipated to be particularly vulnerable, Apple released a statement claiming that there is no need to panic. “The vast majority of OS X users are not at risk to recently reported Bash vulnerabilities,” said Apple.
“Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems,” explained Apple in the statement. “With OS X, systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
“If you are one of the ‘advanced UNIX users’ that Apple refers to then the safest course of action is to disable the services in question until the company is able to get an update out, though Apple hasn’t been specific in saying which services are affected,” reports Digital Trends. “What makes Shellshock so dangerous is that it’s been present in every UNIX system since way back in 1989, so there are a lot of potentially exposed systems out there.”
Frequently Asked Questions About the Shellshock Bash Flaws, Red Hat Security Blog, 9/26/14
How to Check if You’re Affected by the Shellshock Bash Bug for Linux, OS X, Digital Trends, 9/25/14