'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services
Security researchers from Red Hat have uncovered a new exploit in the common "Bash" command shell found in OS X and Linux which can be used to deploy malicious code with minimal effort. Due to the ubiquity of the Bash shell, the exploit can affect a wide variety of different web-connected devices and properties, including unsecured websites, smart home appliances, servers, and more.
Security researcher Robert Graham noted on his blog that the Bash exploit is "as big as Heartbleed," referring to the flaw discovered earlier this year in the popular OpenSSL software which secures connections between clients and servers:
Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.
Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed.
Heartbleed was said to have affected 66% of the Internet, although Apple announced in April that the exploit did not affect its software or "key services." Apple also released updates for the AirPort Extreme and Time Capsule to better secure both web devices against Heartbleed.
A topic discussing the Bash exploit on StackExchange also notes that Apple did not include a fix for the bug in its latest round of security updates that came alongside the release of OS X Mavericks 10.9.5 last week. It is possible however that Apple will release a fix for OS X in the near future to address the exploit, similar to what it has done for other security issues in the past.
Popular Stories
Apple plans to announce new products "this week," according to Bloomberg's Mark Gurman.
Apple's "Mac Your Calendars" teaser last October
In his Power On newsletter today, Gurman said the products set to be updated this week include the iPad Pro, Vision Pro, and "likely" the base 14-inch MacBook Pro, with all three likely to receive a spec bump with Apple's next-generation M5 chip.
Gurman...
Apple's software engineers are internally testing iOS 26.0.2, according to MacRumors logs, which have been a reliable indicator of upcoming iOS versions.
iOS 26.0.2 will likely be a minor update that addresses bugs and/or security vulnerabilities, but we do not know any specific details yet.
The update will likely be released within the next few weeks.
Last month, Apple released iOS...
Buried in its announcement about "F1: The Movie" making its streaming debut on December 12, Apple has also announced that Apple TV+ is being rebranded as simply Apple TV.
A single line near the end of the press release states "Apple TV+ is now simply Apple TV, with a vibrant new identity," though Apple's website has yet to be updated with any changes, so we're unsure on the details of the...
While the iPhone 18 Pro and iPhone 18 Pro Max are still nearly a year away, a handful of new features and changes have already been rumored for the devices.
Below, we have recapped some of the early iPhone 18 Pro rumors so far.
Smaller Dynamic Island
The standard iPhone 18, iPhone 18 Pro, and iPhone 18 Pro Max will be equipped with a slightly smaller Dynamic Island, but the devices will...
Update: the Naver account appears to be referencing a speculative post on X by Vadim Yuryev, dated October 6. The original article follows.
Apple will announce new products through a series of press releases beginning as soon as next week, according to a dubious claim posted on the Korean blog Naver.
The Naver blog account yeux1122, which aggregates rather than originates Apple...
After releasing AirPods Pro 3 last month, Apple is already working on the next AirPods Pro, according to Bloomberg's Mark Gurman.
It is unclear if the new AirPods Pro would be branded as AirPods Pro 4, or if they would be considered an updated version of AirPods Pro 3. Gurman did not take a position, opting to describe them as a "new version" of the "high-end in-ear buds."
AirPods Pro 2...
Apple's second-generation smart glasses with an in-lens display may have two modes, depending on which device they are connected to.
Meta Ray-Bans without an in-lens display
In his Power On newsletter today, Bloomberg's Mark Gurman said he was told a future version of Apple's smart glasses may be able to run a full version of the visionOS operating system when they are paired with a Mac, and...
Apple has essentially discontinued Clips, its video-editing app designed to allow users to combine video clips, images, and photos with voice-based titles, music, filters, and graphics to create enhanced videos that can be shared on social media sites.
The app has been removed from the App Store, and a support document on Apple's site says that the app is no longer being updated and would no ...
Recent reports suggest that there are now no redesigned Apple Vision headsets in active development, with the company's focus pivoting decisively to smart glasses.
When Apple announced the Vision Pro in mid-2023, it described the device as the dawn of "spatial computing," a new paradigm that would eventually rival the iPhone in importance. With a $3,499 starting price, intricate design and...
