New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Releases OS X Bash Update to Fix 'Shellshock' Security Flaw in Mavericks, Mountain Lion, and Lion

Monday September 29, 2014 2:46 pm PDT by Juli Clover
Apple today released OS X bash update 1.0 for OS X Mavericks to fix a vulnerability in the bash UNIX shell.

The security flaw, known in the media as "Shellshock," was discovered last week. Uncovered by security researchers, the exploit in the bash command shell in OS X and Linux could be used to deploy malicious code.

bashupdate
According to an Apple spokesperson, most OS X users were not at risk form the bash vulnerabilities, but the company promised to work quickly to provide an update.
Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.
Along with the fix for OS X Mavericks, Apple has released updates for both OS X Lion and OS X Mountain Lion. There is no Yosemite download available as of yet, but Apple may be planning to issue a fix in the near future. The three updates are available via Apple's support pages and should be available via the Software Update tool soon.
[ 121 comments ]


Top Rated Comments

(View all)

Avatar
andyyardley
52 months ago
Will this update break my wifi? Or delete all my files?
Rating: 10 Votes
Avatar
chrisgeleven
52 months ago
Not seeing it in the App Store yet.
Rating: 9 Votes
Avatar
jayducharme
52 months ago

sucks for yosemite users.


I wonder if Yosemite is already fixed.

Hopefully, this update won't delete documents and kill your modem...
Rating: 8 Votes
Avatar
Xenomorph
52 months ago
Before:


$ bash --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)


After:


$ bash --version
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Rating: 8 Votes
Avatar
sconnor99
52 months ago

Careful guys. This update disables your MacBook's keyboard.



!!@£!@$@%£^£&**(!!
Rating: 8 Votes
Avatar
gnasher729
52 months ago

It's a very highly published and potently exploitable bug. You don't need to be running a server for it to be exploited.

It could, for example, be exploited by malware that you download. The bash patch should be applied by everyone.


That's like saying that the door of my house is not safe, because someone could climb through my windows and open it from inside.

If you were stupid enough to have downloaded malware, that malware doesn't need to exploit any bugs in bash. It can just use bash.
Rating: 8 Votes
Avatar
LostSoul80
52 months ago

Will this update break my wifi? Or delete all my files?


Don't be silly.



Probably wifi issues.
Rating: 7 Votes
Avatar
Porco
52 months ago
I'm considering waiting for OS X bash Update 1.2 ...
Rating: 7 Votes
Avatar
Huracan
52 months ago
I don't see this in regular software update, isn't this important enough to show there? ;)

----------

Ok, I think this is when the rubber meets the road. This is a major security hole. Apple is big in security. It always made fun of PC because of the viruses afflicting PC machines. We are all holding our breath to hear great news about how Apple is going to tackle such a huge security hole, and then:

This is what we get:
1. Some PR announcement saying that most people are not affected, without going into details on who might be affected and how. Pathetic :(
2. Releasing a fix that apparently is not even available through regular update.

I have a Ubuntu machine and I think i have received no less than 3 updates to bash since the problem was announced.

I know that a big company has to be cautious about the fixes it releases, but this is bordering a ridiculous failure. I would expect a multibillion corporation to fix this quick and with full transparency.

My 2 cents.
Rating: 4 Votes
Avatar
g-7
52 months ago


Hmm.
Rating: 4 Votes

[ Read All Comments ]