Q: Has an OS update been released for the shellshock vulnerability?

Apple has promised an update for advanced Unix users (the only ones possibly affected are those running OS 10.9.5):

http://www.imore.com/apple-working-quickly-protect-os-x-against-shellshock-explo it

Advanced users who have OS X machines in a situation where they may be remotely exploited, such as systems administrators with internet-facing OS X servers, can mitigate the issue by recompiling bash with the official patches from GNU until Apple issues its own update:

If you are not running a web server, and even if you are running a web server, but DO NOT have any CGI scripts, then you are not at risk from that source.

If you do not enable Remote Login, or even if you do, you do not allow anonymous logins, then ssh users must first get past the username/password before they get access to bash (the reported ssh issues related to things like GIT Hubs that allow anonymous access to download software).  So it is unlikely you are at risk there.

If you have not enabled the CUPS web interface (Common Unix Printing System), and that only counts if you have your Mac on a public internet, then there is no risk there.

Apple has said they are working on a patch, but you should not panic for your personal systems.

http://www.macrumors.com/2014/09/26/apple-os-x-users-safe-bash-flaw-update-soon/

http://www.tuaw.com/2014/09/26/apple-most-users-safe-from-bash-security-flaw-she llshock-fix-c/?ncid=rss_truncated

http://threatpost.com/major-bash-vulnerability-affects-linux-unix-mac-os-x

http://www.tuaw.com/2014/09/25/how-to-patch-os-x-for-the-bash-shellshock-vulnera bility/?ncid=rss_truncated

I Don't think anyone said not to fix it. I think "Don't Panic" was the message.

RueckerFam wrote:

 

As a rule, I choose to close all vulnerabilities on my systems regardless of whether I'm susceptible to the exploit or not.  It's simply a good practice for anyone who is serious about security.

Well, then just to make sure you know there are additional bash vulnerabilities that are not included in this patch and at least one supposed security expert claims Apple's Shellshock patch for Macs is incomplete, says security researcher.

If Apple was convinced that there was a specific threat in-the-wild, I'm sure they would be pushing all users to install the current update, which they are obviously not.