Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: johnchar
johnchar Author
User level: Level 1
8 points

shellshock virus

BBC news has posted a story about a new virus called shellshock. This virus apparently affects Mac computers. Anyone else come across this?

iMac (27-inch Late 2009), OS X Mavericks (10.9), new download

Posted on Sep 25, 2014 1:50 PM

Reply
4 replies
User profile for user: John Galt
John Galt
User level: Level 10
141,204 points

Sep 25, 2014 2:01 PM in response to johnchar

It's not a virus. It's just the latest scare tactic promulgated by popular media outlets to ensure the uninformed among us remain uninformed. The fact you characterize it as a "virus" is proof of that, on its face.


If you are running a web server download and install the recent patch from the GNU project archive. If and when Apple will release an update to the Bash version included with OS X is up to them.


There are plenty of bad things that could happen to a system due to existing vulnerabilities, known or unknown. There is no reason for any more concern today than there has ever been. Bash has been included with OS X for years, perhaps since its inception.


Similar vulnerabilities may also be discovered and exploited, now or in the future. The resulting effects, if there are any, cannot be accurately predicted.


Until then:


  • Ignore hyperventilating popular media outlets that thrive by promoting fear and discord with entertainment products arrogantly presented as "news". Learn what real threats actually exist and how to arm yourself against them.
  • Do install updates from Apple as they become available. No one knows more about Macs and how to protect them than the company that builds them.
Reply
User profile for user: Kurt Lang
Kurt Lang
User level: Level 9
58,284 points

Sep 25, 2014 2:02 PM in response to johnchar

Detailed info from user fmiranda, who lists him/herself as a Red Hat Solution Architect. In short, someone who likely knows a ton about Unix/Linux.


The truth is: yes you are technically vulnerable. But the reality is unless you allow SSH access from remote connections or a web server that runs server side scripting, you are not at risk. You are only truly vulnerable if someone you do not know can remotely access your machine & do so in a way where a Bash command can be executed.

So this issue is mainly of concern to system administrators on Mac OS X & Unix/Linux servers exposed to the world, not desktop users who do not enable SSH sharing.

Reply
User profile for user: PATRICKMELE
PATRICKMELE
User level: Level 4
1,009 points

Sep 25, 2014 2:12 PM in response to Kurt Lang

Some reading regarding these issues I came across if anyone is interested😉

http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/

http://nkush.blogspot.com/2014/09/patching-bash-shellshock-on-apple-max.html

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-va riables-code-injection-attack/

https://access.redhat.com/articles/1200223

http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html

Reply

shellshock virus

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up