Apple Patches 'Shellshock' on OS X
Apple overnight released a patch for Mac OS X users susceptible to the Shellshock bug.
'We have patched the Bash vulnerability for OS X Lion, Mountain Lion, and Mavericks,' a company spokesman confirmed to PCMag.
Mac owners can find more details and a link to the download online.
The flaw impacts Bash, a widely used command interpreter also implemented in Apple's Mac OS X. If the flaw is exploited, hackers can gain complete control over a targeted system.
Discovered last week, the bug has been likened to Heartbleed, which made headlines earlier this year. But unlike Heartbleed, which affected only a specific version of OpenSSL, the Shellshock flaw has been creeping into old devices for more than two decades.
Apple acted quickly, assuring most customers that they could breathe easy.
'The vast majority of OS X users are not at risk,' a spokesman said last week. 'With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services.'
Last night, Cupertino released software updates for all users—from the most novice to those advanced enough to run UNIX.
According to the Akamai administrator who first disclosed the vulnerability, Shellshock is present in most versions of Bash, from 1.13 to 4.3, and is based on how Bash handles environment variables.
But despite the Web-based panic, there is actually no pressing need to fix the flaw, according to security expert Robert Graham, who said primary servers are probably not vulnerable.
Users are encouraged to scan the network for things like Telnet, FTP, and old versions of Apache. 'Anything that responds is probably an old device needing a bash patch,' Graham said last week. 'And, since most of them can't be patched, you are likely screwed.'