More about the Shellshock bug
October 1st, 2014 by jyamada

First off, the bad news: Mac OS X 10.6 and earlier operating systems are no longer supported and will not receive a fix from Apple.

The good news is that Apple has released official patches for [10.7 Lion](http://support.apple.com/kb/DL1767), [10.8 Mountain Lion](http://support.apple.com/kb/DL1768), and [10.9 Mavericks](http://support.apple.com/kb/DL1769). And an enterprising group of open source folks have released instructions for patching older systems like [10.4 Tiger on PowerPC and 10.6 Snow Leopard on Intel](http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html).

The even better news is that you were probably not vulnerable in the first place.

Here’s more detail. A bug was discovered wherein the bash command line environment that is used in Mac OS X and other UNIX like operating systems could be tricked into running a line of maliciously crafted code. In general, an attacker would need to have physical access to your Mac in order to run the Terminal program.

There was a distinct danger for those people running servers connected to the internet because servers would open up the command line to provide extra services to internet users. These services are not turned on by default in Mac OS X. A user would have to have turned on Remote Management in the Sharing menu of their system preferences in order to have exposed themselves to the internet at large.

In summary: You were probably not at risk from this bug, and now there is a patch to fix the bug.

Comments are closed

»  Substance: WordPress   »  Style: Ahren Ahimsa