Skip to main content
  1. Home
  2. Computing
  3. Apple
  4. Web
  5. Legacy Archives

Shellshock bug in Bash affects Linux and Mac OS X, but the first fixes are already out (Updated)

Add as a preferred source on Google

Update 9/26/14 6:04 p.m. ET by Konrad Krawczyk: According to the official Red hat security blog, additional patches that are designed to combat and rectify the problems associated with the Shellshock bug in Bash have been released.

On top of that, Red Hat says that “patches are available for most operating systems.”

Recommended Videos

Red Hat goes on to say that it does not know of any exploits which target Bash on systems that have the latest patches installed. As for why these flaws weren’t discovered faster, the blog post states that the holes in Bash were in a feature that was “obscure” and “rarely used.”

As for OS X based systems and the risks posed to them as a result of this threat, an Apple rep reportedly stated that the “vast majority of OS X users are not at risk to recently reported bash vulnerabilities.”

Original story

The hits just keep on coming for the cyber security world. The newest threat to land is called Shellshock, and it affects something called Bash.

Bash, which is short for “Bourne again shell,” is a piece software that controls Linux’s and OS X’s command prompt. The U.S. government says that the vulnerability in Bash affects “Unix-based operating systems such as Linux and Mac OS X.”

The United States Computer Emergency Readiness Team states that the flaw could “allow a remote attacker to execute arbitrary code on an affected system.”

Related: How to check if your servers and systems are affected by the Shellshock flaw in Bash

The National Vulnerability Database rates the severity of this problem at “10.0 HIGH.” On top of that, at least one cyber security expert says that it’s not difficult for a seasoned hacker to exploit the flaw in Bash.

“Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera,” Tod Beardsley of Rapid7, a cyber security firm, said to Reuters. “Anybody with systems using Bash needs to deploy the patch immediately.” 

The first patch that was released to address the flaw was found to have problems of its own, preventing it from fixing the issues that it was designed to rectify in the first place. That’s according to the official Red Hat Security Blog.

This is being followed up with a new patch that should right the wrongs caused by the first update. However, Red Hat still recommends that users apply the original, buggy patch, instead of waiting for the new patch to come out.

That’s because, as Red Hat’s latest security blog update states, the problems associated with the flawed patch are “less severe,” and that “patches for it are being worked on.

In the meantime, Apple has yet to issue any patches of its own that address the Shellshock bug.

 

Konrad Krawczyk
Former Computing Editor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
How to install macOS 27 Golden Gate public beta on your Mac?
From a smarter Siri to a more reliable Spotlight, here's your full walkthrough for installing macOS 27 Golden Gate's public beta today.
macOS 27 Golden Gate

Along with iOS 27’s public beta, Apple has also released macOS 27 Golden Gate’s public beta build, so that early adopters can get their hands on the new features, including Siri AI, and provide timely feedback to help ensure a stable iOS launch in September. 

If you’re sold on all the new features but don’t want to put your faithful MacBook through developer beta duty, a public beta offers a much more refined experience. To install macOS 27’s public beta, follow the steps given below. 

Read more
Microsoft is finally fixing the worst thing about Windows Search, but you can’t try it just yet
Windows Insiders in the Experimental channel are getting a Search experience that finally feels less of a billboard and more of what users actually need.
Page, Text, Person

Windows Search has been a mess for years, and I do not use that word lightly. Open it to find a file, and you get trending Bing topics, Microsoft Store promotions, and an AI tools tile that just opens a browser. 

That is changing, but not immediately for all users. Microsoft is rolling out a batch of Windows Search improvements to Insiders in the Experimental channel, and for once, this isn't just a fresh coat of paint.

Read more
Apple doesn’t want to share this AirPods feature with Meta, but the EU may force its hand
Spring 2027, EU only, built under DMA pressure.
The front of the Ray-Ban Meta smartglasses.

I’ve been an AirPods user for the last four years, and one of the things that makes it genuinely hard to leave behind is the seamless, almost magical pairing experience across devices. Open an AirPods case near your iPhone, and a pop-up appears within seconds. Switch to your Mac and the audio follows. 

However, the experience is limited only to Apple devices. Doesn’t matter whether you have one of the coolest pieces of tech on the market right now; if it’s not Apple, it won’t get the same treatment. However, that might change for the Meta Quest or the Ray-Ban Meta glasses, thanks to pressure from the EU. 

Read more