'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services
Security researchers from Red Hat have uncovered a new exploit in the common "Bash" command shell found in OS X and Linux which can be used to deploy malicious code with minimal effort. Due to the ubiquity of the Bash shell, the exploit can affect a wide variety of different web-connected devices and properties, including unsecured websites, smart home appliances, servers, and more.
Security researcher Robert Graham noted on his blog that the Bash exploit is "as big as Heartbleed," referring to the flaw discovered earlier this year in the popular OpenSSL software which secures connections between clients and servers:
Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.
Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed.
Heartbleed was said to have affected 66% of the Internet, although Apple announced in April that the exploit did not affect its software or "key services." Apple also released updates for the AirPort Extreme and Time Capsule to better secure both web devices against Heartbleed.
A topic discussing the Bash exploit on StackExchange also notes that Apple did not include a fix for the bug in its latest round of security updates that came alongside the release of OS X Mavericks 10.9.5 last week. It is possible however that Apple will release a fix for OS X in the near future to address the exploit, similar to what it has done for other security issues in the past.
Popular Stories
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost.
The new perk is the ability to create invitations in the Apple Invites app for the iPhone, which launched in the App Store last month.
In the Apple Invites app, iCloud+ subscribers can create invitations for any occasion, such as birthday parties, graduations, baby showers, and more. Anyone ...
While the first iOS 19 beta is still more than two months away, there are already plenty of rumors about the upcoming software update.
Below, we recap the key iOS 19 rumors so far.
visionOS-Like Design
In January, the YouTube channel Front Page Tech revealed a redesigned Camera app that is allegedly planned for iOS 19.
According to Front Page Tech host Jon Prosser, the Camera app...
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps.
Unfortunately, this feature continues to roll out very slowly. It has been three and a half years since Apple first announced the...
Is Apple experiencing a "Vista-like drift into systemically poor execution?"
That was a question posed by well-known technology analyst Benedict Evans, in a recent blog post covering Apple's innovation and execution, or seemingly lack thereof as of late. He is referring to Microsoft's Windows Vista operating system, which was widely criticized when it launched in 2007 due to software bugs,...
Seasoned leaker Sonny Dickson has shared more dummy models of Apple's upcoming iPhone 17 series, with the latest lot revealing a noticeable shift in Apple's iPhone Pro model design that goes beyond the much-talked-about new rear camera bar.
Dickson points out that the iPhone 17 Pro dummy models feature an outlined area on the back, beginning just below the camera module and extending to the...
We're not getting new Siri Apple Intelligence features in iOS 18.4 as expected, but the upcoming update does have quite a few new additions that will be worth upgrading for. We've rounded up the five best features to look forward to, and if you're not running the beta, you can expect to get access to these in early April.
Priority Notifications
If you have an iPhone or iPad that supports...
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for.
Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Following the introduction of the iPhone 16e, new iPads and Macs, and some new accessories over the past month, what will Apple's next product announcement be? Based on rumors, a second-generation AirTag item tracker is likely next up.
Last year, Bloomberg's Mark Gurman reported that a new AirTag would be released around the middle of 2025. More recently, a leaker known as Kosutami claimed...
Serial leaker Sonny Dickson today shared an image of what he claims is a first look at a third-party case for Apple's iPhone 17 Air. "If you didn’t know an Air was coming, you'd swear it was a Google Pixel case," he said.
Case manufacturers often obtain design specifications of upcoming iPhone models before their release by collaborating with Apple through official partnerships or...
