how to fix the “Shellshock” security flaw

Sep 30

Posted by

shellshock update bash

Apple have today released updates to Bash for Lion, Mountain Lion and Mavericks. All users are recommended to update to Bash version 3.2.53(1) to patch the recently found “Shellshock” exploit.

At the time of writing the update for 10.9 wasn’t coming through OS X’s built in ‘Software Update’. The updates are available for download and install here:

http://support.apple.com/kb/DL1767 – OS X Lion
http://support.apple.com/kb/DL1768 – OS X Mountain Lion
http://support.apple.com/kb/DL1769 – OS X Mavericks





Advertisement

About philastokes

Independent Software Developer, Technical Writer and Researcher at SentinelOne. Explaining the unexplainable with images, video and text. Scripting anything imaginable in AppleScript, Bash, Python and Swift.

Posted on September 30, 2014, in Mavericks, Security and tagged , , . Bookmark the permalink. 1 Comment.

  1. alvarnell | September 30, 2014 at 09:01

    A couple of additional thoughts.

    I don’t believe the update will appear in Software Updates. If anything it will be accomplished as a silent background update in the same way that XProtect and several other critical system data updates take place. Users who feel they need this patch should use the links Phil has provided.

    This patch appears to only closes two (CVE-2014-6271& CVE-2014-7169) of at least five vulnerabilities, so there will undoubtedly be more to come.
    The other confirmed vulnerabilities are: CVE-2014-6277, CVE-2014-7186 & CVE-2014-7187.

%d bloggers like this: