shellshock Stories September 29, 2014

Apple has just released a new download for users on OS X Mavericks to address the recently-discovered “Shellshock” bug. Apple previously noted that that only a few Macs were actually impacted by the bug and that most users were protected by default. The company promised to release an update shortly to address those who had manually configured their computers in a way that left them exposed.

For users on older versions of OS X, the Mavericks fix will not work. To secure those systems, there are separate downloads for Lion and Mountain Lion. The patch will likely be available through the built-in OS X Software Update mechanism soon. There is currently no patch for machines running the public or developer builds of OS X Yosemite.

shellshock Stories September 25, 2014

Update: Apple has issued a statement to iMore regarding this issue, stating that most Mac users are already protected unless they have configured “advanced UNIX services.” An update is in the works to protect those users.

A vulnerability in Bash, the software used to control the command shell in many flavors of Unix, has been shown to be present in OS X – with some security researchers saying that the flaw could pose a bigger threat than the Heartbleed vulnerabilty discovered last year (which affected many Unix systems but not OS X).

The Bash vulnerability being referred to by some as ‘Shell Shock’ allows an attacker to run a wide range of malicious code remotely. It was discovered by security researchers at RedHat, and is described in detail in a blog post.

There are conflicting reports as to the extent to which Mac users are at risk …  expand full story

Powered by WordPress.com VIP