Is it true there's NO sec. upd. vs. Shellshock virus for SL?

If your shell is not exposed to the internet directly (i.e., most people not running a web server on their own computers), your system is unlikely to be affected in any way.

Matt

Michael Murphy3 wrote:

...

MacArthur's Park is melting in the dark

All the sweet green icing flowing down

Someone left the cake out it the rain

I don't think that I can take it

Cause it took so long to bake it

And I'll never have that recipe again

Oh noooooooo

~ Sung by Richard Harris on the 1968 album 'A Tramp Shining'

Nice song written by James Layne Webb "Jimmy Webb"😉.

Jimmy Webb wrote most of the pop songs in the late 60s.

Grammy

"Up, up and away

in my beautiful balloon."

MM3

😢

seems that as soon as you get reliably settled with Pro Apps running, Apple requires thaata you spend an enormous amount of $$ to keep up with a $100 OS. Seems if Apple has an SDK for SL and all others following, it would simply require 'punch the SL magic twanger' along with the others and publish. Go figger

👿

ÇÇÇ

Are you running a web server?

Re: Shellshock

I still have an external partition with a bootable Snow Leopard; however, I no longer expect support as it was discontinued more than 3 years ago, so one can't expect support indefinitely. Some companies cease support as soon as a new version is introduced - well, there was Lion, Mountain Lion, Mavericks, and the soon to be released Yosemite and Apple issued updates for about 2+ years. That's pretty good.

There have not been any Security updates (other than XProtect updates) for Snow Leopard for over a year now, so it's not a big surprise that they aren't offering a bash update. They have not pushed this update to users of any newer OS's, so they certainly must feel that it isn't necessarily required for all users and to quote an Apple source here:

The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services.

Michael Murphy3 wrote:

You mean that if I were running - let's say Mountain Lion, that when I run a Software Update check, that the bash-shell/shellshock security update is Not offered to the typical desktop user?

Exactly. It is not offered to any user, typical desktop or otherwise. It is only available by downloading and installing it manually using the correct URL for the Lion, Mountain Lion or Mavericks Update.

Not Matt, but as long as I'm here.

Installing the Bash Update on your Mac will do nothing to protect you against a compromised web site that has the vulnerability. Bash would run on the server only, not on your Mac and the only rumored vector back to your computer might be associated with a DHCP server, not a web site. As to that rumor, this is what Apple is quoted as saying about it on Saturday:

The issue that remains, while it raises interesting questions, is not a security issue in and of itself.

We'll all just have to wait and see how that one goes.

MM3

Don't blame for questioning everything, as it seldom is as advertised...

Take care of the cojones and the frijoles will take care of themselves. - Lazarus Long