Apple: most users safe from Bash security flaw, Shellshock fix coming soon
Red Hat security researchers this week discovered a vulnerability in Bash, a command interpreter or shell that is found in Unix, Linux and OS X. The flaw potentially allows malicious hackers to run arbitrary commands and gain control over a vulnerable machine. Following the discovery of this bug, Apple responded to iMore and confirmed that "the vast majority of OS X users are not at risk to recently reported bash vulnerabilities."
Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users," the spokesperson said.
Apple doesn't specify which advanced Unix services are involved in Shellshock, nor does the company provide a timeframe for the upcoming fix. If you want to learn more about Shellshock, Troy Hunt has an excellent guide that details the vulnerability and how it compromises web-connected devices. You also can use this script and instructions from our own TJ Luoma to recompile Bash and disable the Shellshock bug ahead of Apple's upcoming fix.
