Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services
Security researchers from Red Hat have uncovered a new exploit in the common "Bash" command shell found in OS X and Linux which can be used to deploy malicious code with minimal effort. Due to the ubiquity of the Bash shell, the exploit can affect a wide variety of different web-connected devices and properties, including unsecured websites, smart home appliances, servers, and more.
Security researcher Robert Graham noted on his blog that the Bash exploit is "as big as Heartbleed," referring to the flaw discovered earlier this year in the popular OpenSSL software which secures connections between clients and servers:
Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.Heartbleed was said to have affected 66% of the Internet, although Apple announced in April that the exploit did not affect its software or "key services." Apple also released updates for the AirPort Extreme and Time Capsule to better secure both web devices against Heartbleed.
Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed.
A topic discussing the Bash exploit on StackExchange also notes that Apple did not include a fix for the bug in its latest round of security updates that came alongside the release of OS X Mavericks 10.9.5 last week. It is possible however that Apple will release a fix for OS X in the near future to address the exploit, similar to what it has done for other security issues in the past.
[ 186 comments ]
Top Rated Comments
(View all)
62 months ago
strike three. you're out...
now what?
*still waiting for iPhone + Apple Watch*
*facepalm* you people don't know what bash is do you. this has nothing to do with apple.
62 months ago
Always interesting to find out that a security bug like this has been around for years and no one knew about it until just now.
If only Bash would have been open source so people could search bugs in the source code
/s
62 months ago
Always interesting to find out that a security bug like this has been around for years and no one knew about it until just now.
62 months ago
No, as far as I have seen so far the first initial patch didn't actually fix the problem. The fact is that the bug was publicly disclosed yesterday, and you are ranting because there is no patch today, as of yet.
The bug is fixed. The patch is available. Apple could have rolled it out by now.
The GNU people even were so nice to backport the fixes to the ancient version Apple is using because Apple doesn't want code that's licensed with GPL v3.
http://ftp.gnu.org/gnu/bash/bash-3.2-patches/bash32-052
Apple just has to apply the patch and provide a new bash binary through software update. Apple does not have to identify the bug, they don't have to come up with a solution, they don't have to verify the fix. Everything is done already.
Stupid politics are the only thing that prevent the release of this bugfix. Probably because they like to bundle patches so people think their software is more secure because it isn't patched that often.
62 months ago
I guess this could be the one time that Microsoft fans can say to OS X and Linux (really any 'NIX) fans that Windows DOESN'T have a flaw that IS present on OS X, Linux and any other Unix-based OS.
62 months ago
- iCloud hacks
Last month.
- iOS 8 issues
- iOS 8.0.1 issues
Ok.
- Bentgate
Physics.
- HealthKit issues
Part of 'iOS 8 issues'.
- iPhone 6 RAM issues
Not an issue at all, just some idiots who think RAM is free.
- Free U2 Album issues
Weeks ago.
- Restricted NFC chip
Not an issue, just a business decision that not everyone agrees with.
- Keynote streaming issues
Weeks ago. (Though otherwise valid.)
So yeah, not too bad at all.
62 months ago
Relax, people, the sky is not falling.
This problem primarily affects things running a (web) server.
Your home Mac might technically be affected, but you're likely not running anything that exposes the bug to an attacker.
This problem primarily affects things running a (web) server.
Your home Mac might technically be affected, but you're likely not running anything that exposes the bug to an attacker.
62 months ago
strike three. you're out...
now what?
*still waiting for iPhone + Apple Watch*
now what?
*still waiting for iPhone + Apple Watch*
62 months ago
Last month.
Ok.
Physics.
Part of 'iOS 8 issues'.
Not an issue at all, just some idiots who think RAM is free.
Weeks ago.
Not an issue, just a business decision that not everyone agrees with.
Weeks ago. (Though otherwise valid.)
So yeah, not too bad at all.
Apple apologist alert!
62 months ago
So is this only a problem if SSH sharing is enabled?
This is only a problem if you have something like a server that runs bash scripts that set environment variables to values that come from untrusted sources (e.g. html forms, API calls).
If you are not sure if you are running such a thing you are most likely not directly affected by this.
[ Read All Comments ]
Apple today seeded the first beta of an upcoming tvOS 13 software update to its public beta testing group, giving non-developers a chance to try out the new software ahead of its fall public release....
Apple today seeded the fifth beta of an upcoming iOS 12.4 update to developers, two weeks after seeding the fourth iOS 12.4 beta, and over a month after releasing iOS 12.3, a major update that...
Apple today seeded the third beta of an upcoming macOS Mojave 10.14.6 update to developers, two weeks after seeding the second macOS Mojave 10.14.6 beta and more than a month after the release of...
Apple today seeded the fourth beta of an upcoming watchOS 5.3 update to developers, two weeks after releasing the third watchOS 5.3 beta and a month after the launch of watchOS 5.2.1, an update that...
B&H Photo is further discounting a set of previous generation iMacs, providing the lowest ever price for the 21.5-inch model with 8GB RAM and a 1TB Fusion Drive. You can get this model for...
Microsoft plans to launch a small foldable Surface tablet in the first half of 2020, according to Jeff Lin, an analyst at research firm IHS Markit.
Microsoft Surface Go
In an email shared...
Augmented reality game Harry Potter: Wizards Unite got a surprise early release last week in the U.S. and the U.K., and Niantic has now rolled the game out to a global audience.
Early Sunday...
For this week's giveaway, we've teamed up with Tap to give MacRumors readers a chance to win one of the company's wearable keyboards, which Tap believes is the keyboard of the future.
...
