Skip to main content

Apple releases OS X bash update 1.0 addressing Shellshock vulnerability

Screen Shot 2014-09-29 at 5.28.58 PM

Apple has just released a new download for users on OS X Mavericks to address the recently-discovered “Shellshock” bug. Apple previously noted that that only a few Macs were actually impacted by the bug and that most users were protected by default. The company promised to release an update shortly to address those who had manually configured their computers in a way that left them exposed.

For users on older versions of OS X, the Mavericks fix will not work. To secure those systems, there are separate downloads for Lion and Mountain Lion. The patch will likely be available through the built-in OS X Software Update mechanism soon. There is currently no patch for machines running the public or developer builds of OS X Yosemite.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Jack Gressingh - 10 years ago

    Gmail on Apple’s Mail App is still very sluggish and the WiFi continues to drop out when my iMac goes to sleep with OS 10.9.5. When will Apple ever fix these problems caused by Mavericks?!

    • rafalb177 - 10 years ago

      I have similar problem with WiFi. 📡 Just select your router from the drop-down menu when your Mac wakes up. 😉 I can’t see any problems with Gmail, however I mostly use @icloud email. 📮

    • Edison Wrzosek - 10 years ago

      That doesn’t sound like a Mavericks issue, but rather a corrupted SMC.

      Reset the SMC by following the process listed here:

      http://support.apple.com/kb/HT3964

      That should alleviate most of your wireless radio issues.

    • Andrew Jung - 10 years ago

      Well not in this patch…

    • Mr. Grey (@mister_grey) - 10 years ago

      “I’ve got some random problem that no one else seems to have, and I have done absolutely no real research as to it’s cause, but I’m just going to say that it’s Mavericks fault.”

    • standardpull - 9 years ago

      I have a ton of Macs that use Mavericks and see absolutely no issues like that. And I’ve never seen clearing SMC do anything worthwhile.

      I very much doubt that your problem is Mavericks.

      I conclude that you are likely suffering from bad WIFI hardware.

      Not all router chipsets are equal. Some offer poor reliability to some clients while offering good performance to others. I’ve seen unreliable behavior with routers from Actiontec, Netgear, Trendnet, Asus, and several others. I have seen these bad performers work well with some clients and poorly on others. Most of my clients use Apple, Lenovo, HP, and Dell machines – and often time it injures one type of computer.

      Also, not all routers last forever. I have had several routers go bad over time. Most run 24×365, and some generate a bit of heat. Those capacitors dry out and they start to work on the edge of tolerances and then some clients start to fail.

      So this is what I’d do. All have been solutions to my clients’ WIFI woes:

      (1) Reboot everything. Heck, I’d consider hitting the main breaker of my house for 5 minutes. Nothing beats that!

      (2) Make sure your router’s firmware is up to date. If you’ve ever looked at the release notes for WIFI firmware upgrade you quickly appreciate how buggy these things can be. Cost: Free.

      (3) Simply replace the router with a newer, respected model from a different manufacturer. I have most certainly run into WIFI routers that worked fine for years, but simply wasn’t friendly with a particular client chipset. Why? I’m not sure. I did this a few months ago after a client brought in a set of Dell computers and their performance was insanely poor. After struggling for a week with all kinds of drivers, a replacement router addressed all concerns.

      (4) Note that a strong wifi signal strength does NOT equate to good WIFI signal. Noise is also something to contend with, and a strong signal coupled with heavy noise makes for an awful experience like the one you describe. And so consider a 5 GHz capable 802.11n router. Every Mac that can run Mavericks can use it. And specify a 5 GHz-specific SSID so that you are guaranteed to be using the 5 GHz channel.

      (5) I have seen the internal WIFI card in a Mac go bad, resulting in poor performance. I would go after this as a last resort because it is a pain to replace. These are pretty much commodity items and are generally available on Amazon, eBay, etc.

      And there you have it.

  2. Jose Ramon Jimenez - 10 years ago

    downloaded

  3. Charles Hood - 10 years ago

    No patch for Yosemite Beta? Seriously?

  4. And the patched version is still based off of the 6 or 7 year old bash 3.2. Apple’s GPLv3 aversion continues.

  5. Doesn’t work for me. On OSx 10.9.5 after installing the update I do:

    > env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

    And I get:

    vulnerable
    this is a test

    Which means that bash is still vulnerable. So am I missing something?

    • airmanchairman - 9 years ago

      Works for me…

      sh-3.2# env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

      this is a test

      sh-3.2# env X='() { (shellshocker.net)=>\’ bash -c “echo date”; cat echo ; rm -f echo

      date

      cat: echo: No such file or directory

      sh-3.2# echo $BASH_VERSION

      3.2.53(1)-release

      sh-3.2#

      I think you need to check if your bash is updated with the command:

      echo $BASH-VERSION

  6. artextrude - 9 years ago

    Why a security flaw fix is optional..????? App store update don’t bother to show it!!!!!!

    • driverbenji - 9 years ago

      you don’t need it. It will only come up on app store updates if you’ve installed advanced UNIX services…this article has failed to mention: “[Apple] previously stated that Macs “are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services.” ”

      Unless you have done an optional install with Mac OS X for advanced UNIX services, you are not susceptible to this “‘shellshock’ security flaw”. Period.

      (I have done this optional install with a previous version of Mac OS X, unless you do this your mac does not have the UNIX command line shell app (“Bash”) installed on it, which is what is vulnerable.)

      • sexymac - 9 years ago

        wrong, I have a default mavericks install on a Mac mini that had the same bash vulnerability

  7. Pallav Jha (@jhapallav) - 9 years ago

    Is my macbook impacted ? I am seeing below output of Shellshock test:-

    MyName-MacBook-Pro:/ myname $ env x='() { :;}; echo vulnerable’ bash -c ‘echo this is a test’
    vulnerable
    this is a test

  8. William - 9 years ago

    How come this update is not available through Software Update? (It’s 15:04 on Septtember 30, 2014 and I’m on an iMac running OS X 10.9.5.)

  9. Pratham Partap - 9 years ago

    My mac makes loud noises/ the fan.
    when i installed the update 10.9.4 and 10.9.5