Shellshock Patch Available for Apple OS X
Last Thursday evening Apple spokesman Bill Evans said, “The vast majority of OS X users are not at risk”. This statement was in regard to the recently identified “Shellshock” bug, a vulnerability in Bash, the command “shell” on *nix systems such as Linux, Unix & Mac OS (based on the Unix OS).
Well, Monday night Apple changed its tune and released patches for the Bash vulnerability on its website, not via the Apple Software Update tools we Mac users are accustomed to. Patches for Mac OS X versions Lion, Mountain Lion & Mavericks can be found at these links. Follow the steps Apple includes to run the patches. Read more about OS X Bash update 1.0 in this KB article from Apple (http://support.apple.com/kb/HT6495).
Verify Versions of Bash
After the updates are completed, run this command to verify the version of Bash. You should see the version listed below for your OS X release:
$ bash --version
- OS X Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
- OS X Mountain Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
- OS X Mavericks: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
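To script this check across several Macs, the following added example (not from the original post or from Apple) parses the first line of `bash --version` and compares it with the 3.2.53 build listed above. The function name `check_bash_banner` and the sample banners are constructed for illustration; a result of `patched` means only that the build is at or above the version listed here.

```shell
#!/bin/sh
# Added example: classify a `bash --version` banner against the build this
# post lists for the patched OS X releases (3.2.53 on darwin11/12/13).

PATCHED=3002053   # 3.2.53 encoded as major*1000000 + minor*1000 + patch

# check_bash_banner "<first line of bash --version>"
# Prints patched | unpatched | unknown; returns 0 | 1 | 2.
check_bash_banner() {
    banner=$1
    # Only the three OS X releases named in the post are in scope.
    case $banner in
        *-apple-darwin1[123]\)) ;;
        *) echo unknown; return 2 ;;
    esac
    # Pull "3.2.53" out of "GNU bash, version 3.2.53(1)-release (...)".
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^GNU bash, version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)(.*/\1/p')
    if [ -z "$ver" ]; then echo unknown; return 2; fi
    # Compare numerically so that 3.2.9 sorts below 3.2.53.
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    n=$(( $1 * 1000000 + $2 * 1000 + $3 ))
    if [ "$n" -ge "$PATCHED" ]; then echo patched; return 0; fi
    echo unpatched; return 1
}

# Constructed sample banners (not captured from real machines).
while IFS= read -r line; do
    printf '%-10s%s\n' "$(check_bash_banner "$line" || true)" "$line"
done <<'EOF'
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin12)
GNU bash, version 4.3.25(1)-release (x86_64-pc-linux-gnu)
EOF

# To check the local machine instead:
#   check_bash_banner "$(bash --version | head -n 1)"
```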
Next Steps
As of late Tuesday night, while writing this post, multiple media outlets were beginning to slam Apple, saying the Bash patches provided so far were “incomplete”. They mentioned that the patching from Apple only addressed two of the three known Shellshock vulnerabilities. The 2 known that are covered in my above steps are CVE-2014-7169 & CVE-2014-6271. Security research nerds are saying the OS X patch did not cover CVE-2014-7186, which is a bug that could allow for a DoS (Denial of Service) attack preventing access to local and/or remote networks like the internet.
I am sure Apple will step up and toss out another patch soon. I am not overly worried, but I do love when media and analysts run to bash (no pun) firms for not having a fix fast enough. Laughable at times, I am sure they will find a cool story about a 9-year-old boy who bent his daddy’s iPhone 6 to report on. Just saying.