'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services
Security researchers from Red Hat have uncovered a new exploit in the common "Bash" command shell found in OS X and Linux which can be used to deploy malicious code with minimal effort. Due to the ubiquity of the Bash shell, the exploit can affect a wide variety of different web-connected devices and properties, including unsecured websites, smart home appliances, servers, and more.
Security researcher Robert Graham noted on his blog that the Bash exploit is "as big as Heartbleed," referring to the flaw discovered earlier this year in the popular OpenSSL software which secures connections between clients and servers:
Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.
Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed.
Heartbleed was said to have affected 66% of the Internet, although Apple announced in April that the exploit did not affect its software or "key services." Apple also released updates for the AirPort Extreme and Time Capsule to better secure both web devices against Heartbleed.
A topic discussing the Bash exploit on StackExchange also notes that Apple did not include a fix for the bug in its latest round of security updates that came alongside the release of OS X Mavericks 10.9.5 last week. It is possible however that Apple will release a fix for OS X in the near future to address the exploit, similar to what it has done for other security issues in the past.
Popular Stories
Apple is developing an all-new operating system codenamed "Charismatic," according to Bloomberg's Mark Gurman.
Apple smart home hub concept
This is likely Apple's long-rumored "homeOS" operating system.
In a report this week, Gurman said both Apple's rumored smart home hub in 2026 and tabletop robot in 2027 will run the new operating system. He said the software platform will blend...
Apple made a major slip Wednesday when it accidentally included hardware identifiers in software code linking to numerous unannounced products.
The leaked information provided MacRumors with concrete evidence of Apple's hardware development across multiple product categories. Here's everything that was confirmed through the code discoveries:
New HomePod mini with updated chip – New...
Alleged images of the iPhone 17 Pro Max's internal design have surfaced, offering a potential look inside the device before it is announced by Apple next month.
The images were shared by the account "yeux1122" this week, in a blog post on the Korean platform Naver. The account aggregates Apple rumors and leaks, so it is likely not the original source of the images, and it is unclear if they...
An alleged iPhone 17 Pro production leak may provide a first look at the device's milled all-aluminum chassis, which this year includes the camera bump – in contrast to last year's iPhone 16 Pro model that features a glass camera module attached to an all-glass back panel.
Originally shared by leaker Majin Bu, the image below could be of a moulding, but it still lines up with rumors that...
At least one new Apple Watch model launching next year will feature a "significant redesign," according to Taiwanese supply chain publication DigiTimes.
In a paywalled report this week, citing supply chain insiders, DigiTimes claimed that a high-end 2026 Apple Watch model will feature "exterior design" changes, including but not limited to "eight sensors arranged in a ring pattern visible...
Last week, Apple released and then pulled a software tool that accidentally contained identifiers for many unreleased devices and chips, according to MacRumors contributor Aaron Perris. His findings included new models of the Studio Display, Apple TV, Apple Watches, Apple Vision Pro, iPad mini, HomePod mini, and more.
Here is what was uncovered in the file, according to MacRumors contributor ...
Rumors suggest that Apple is working on an updated version of the Apple TV that's slated for launch later this year. Information about the upcoming device that was found in Apple code indicates that it will be equipped with the A17 Pro chip.
There have been multiple rumors about a new Apple TV coming in 2025 with a new A-series processor, but it hasn't been clear which chip Apple would use...
