You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Shellshock

Any idea how to safeguard your system before Apple is supplying a patch?


Thanks for your ideas


LL

OS X Mavericks (10.9), Yes, I still love my Newton...

Posted on Sep 25, 2014 6:00 AM

Reply
Question marked as Top-ranking reply

Posted on Sep 25, 2014 6:37 AM

I think you're better of in this topic: CVE-2014-6271 bash vulnerability

12 replies

Sep 25, 2014 11:03 AM in response to Esquared

The truth is: yes you are technically vulnerable. But the reality is unless you allow SSH access from remote connections or a web server that runs server side scripting, you are not at risk. You are only truly vulnerable if someone you do not know can remotely access your machine & do so in a way where a Bash command can be executed.

So this issue is mainly of concern to system administrators on Mac OS X & Unix/Linux servers exposed to the world, not desktop users who do not enable SSH sharing.

Sep 25, 2014 3:23 PM in response to Long Lane

To patch manually the bash shell follow this tutorial: http://mac-how-to.wonderhowto.com/how-to/every-mac-is-vulnerable-shellshock-bash -exploit-heres-patch-os-x-0157606/; Apple doesn't seem to release an update soon, Linux users and servers already they got patched. If you don't want to patch your bash I strongly advice you not to use it. Remember that this is a really huge exploit of the system and some have already reported that hackers are using the security flow to enter in some systems.

Sep 25, 2014 3:28 PM in response to fmiranda

No, it's not true users can still invoke the bash shell on yor system remotely and they do not need admin rights to do that, that is why is dangerous; hackers have been already reported to hack systems. Linux however have already realesed a security patch which can partially stop the attack and reports says that another patch will be release tomorrow which can definetely stop the exploit. On the other hand Apple did not release anything yet but some websites are showing a way around to update your bash to the latest version. if you know what ur doing give it a go .. i was vulnarable now I'm not in both my Mac and Lnx system :-)

Sep 26, 2014 2:56 AM in response to fmiranda

fmiranda wrote:


The truth is: yes you are technically vulnerable. But the reality is unless you allow SSH access from remote connections or a web server that runs server side scripting, you are not at risk. You are only truly vulnerable if someone you do not know can remotely access your machine & do so in a way where a Bash command can be executed.

So this issue is mainly of concern to system administrators on Mac OS X & Unix/Linux servers exposed to the world, not desktop users who do not enable SSH sharing.

True, potentially not as vulnerable as web servers. But this exploit could used for privilege escalation like with a malicious app or drive-by download in combination with other unpatched exploits.

Shellshock

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.