Apple: Most OS X Users Safe from 'Bash' Security Flaw, Software Update Coming Soon
Yesterday, it was revealed that security researchers from Red Hat uncovered a major exploit in the "Bash" command shell found in OS X and Linux. Named "Shellshock" by security experts, the exploit allows hackers to gain access to web connected devices and services through the use of malicious code.
Now, an Apple spokesperson (via iMore) has commented on the matter, stating that the majority of OS X users are safe from the exploits and that the company is working to provide a software update for advanced UNIX users:
The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.
The exploit was called "as big as Heartbleed" by security researcher Robert Graham, who was referring to a flaw discovered in the popular open-source software OpenSSL that affected 66% of the Internet earlier this year. Apple eventually announced that Heartbleed did not affect its software or key services, and also released updates for AirPort Extreme and Time Capsule. It is likely that a fix for the Bash exploit will arrive relatively soon for users.
Popular Stories
Apple's AirTags are being used in an increasing number of targeted car thefts in Canada, according to local police.
Outlined in a news release from York Regional Police, investigators have identified a new method being used by thieves to track down and steal high-end vehicles that takes advantage of the AirTag's location tracking capabilities. While the method of stealing the cars is largely ...
Apple is working on five new Macs for launch in 2022, including a new version of the entry-level MacBook Pro, according to Bloomberg's Mark Gurman.
In the latest edition of his "Power On" newsletter, Gurman said that he expects Apple to launch five new Macs in 2022, including: A high-end iMac with Apple silicon to sit above the 24-inch iMac in the lineup
A significant MacBook Air...
Apple's next-generation MacBook Air is reportedly set to bring over many of the new MacBook Pro's features, with one noticeable omission, according to recent reports.
The latest MacBook Pro models feature a mini-LED "Liquid Retina XDR" display with deep blacks and support for up to 1,600 nits peak brightness. The display also features Apple's "ProMotion" technology, which is capable of...
Apple's chipmaking partner TSMC has kicked off pilot production of chips built on its 3nm process, known as N3, according to Taiwanese supply chain publication DigiTimes.
The report, citing unnamed industry sources, claims that TSMC will move the process to volume production by the fourth quarter of 2022 and start shipping 3nm chips to customers like Apple and Intel in the first quarter of...
Apple is planning an entire revamp of its Apple Watch lineup for 2022, including an update to the Apple Watch SE and a new Apple Watch with a rugged design aimed at sports athletes, according to respected Bloomberg journalist Mark Gurman.
Writing in the latest installment of his Power On newsletter, Gurman said that for 2022, alongside the Apple Watch Series 8, Apple is planning an update to ...
Top Rated Comments
If you think that holding this sort of an update for 3-4 weeks when a patch is available is acceptable I think your expectations are a little low.
Update needs to be shipped asap. End of story.
Glassed Silver:mac
All of you. Spare a thought for those loyal Mac users still running Snow Leopard.
I'm forced to keep my 2006 white, matte-screen iMac because Apple won't make anti-glare screen iMacs anymore. While the current iMacs have less glare, you can still use it as a mirror.
IIRC, the DHCP server can set those, let alone run scripts as soon as it successfully allocates an IP address to a client. So if running as a server, it could possibly affect it. It definitely does in Linux. I haven't set up dhcp server on my MBA, nor do I intend to, but the situation could still exist, especially if someone rolls their own.
I don't think you understand the magnitude of this vulnerability. EVERY version of Unix or unix-like operating system that uses bash is vulnerable: Linux, Solaris, OS X, Next, Ultrix, SunOS, OSF/1, AIX, HP/UX, NetBSD, FreeBSD, and Irix are all included. If you wanted to stretch it, Windows is also vulnerable through Cygwin. That sure as hell isn't the media blowing it out of proportion, especially if nearly every service a machine could run uses these as its underlying OS.
The magnitude of this is far more reaching than you realize.
BL.
the sky isn't falling?
This is just a media blitz against Apple.
I've used UNIX for over 30 years.
If you don't know what UNIX is, you're most likely not at risk at all.
If you like to tweak you OS with non-Apple configurations, you might be slightly at risk.
If you're a bonehead, you're at risk.
This is blown way out of proportion. Some poster say Apple needs to patch this immediately, B.S., 99.99999% of Apple users will never have an issue. However, if you are running Linux/Unix servers, you might want to watch this more closely.