Fix Shellshock Vulnerability with OS X Bash Update

Engineer Stéphane Chazelas has discovered a vulnerability in the GNU Bash shell that allows remote code execution. Bash is the default shell in many Linux distributions and other Unix systems, including Apple OS X.

Security researcher Robert Graham has said that the bug is “as great a threat as Heartbleed” due to the extent, age and characteristics of the problem. As with the OpenSSL vulnerability, restoring security requires patching Bash on a large number of devices, including Internet of Things (IoT) devices such as camcorders.

“A huge percentage of the software interacts with the shell in some way,” Graham writes in his blog. “Therefore, we will never be able to catalog all the software out there vulnerable to the bug in Bash. […] The number of systems that need to be patched, and will not be, is much larger than Heartbleed.”

For now, the popular distributions Red Hat, Fedora, Ubuntu and Debian have already posted two separate patches to address the so-called “Bash Bug” or “Shellshock”. Meanwhile, Apple has not yet addressed the vulnerability in OS X, but has recently released an update to the “command line tools”.

The Red Hat Security Blog has published a small test to check whether a system is vulnerable. To run the test, open a command prompt and type the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

If it is not vulnerable, you will see:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
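
The same check can be wrapped in a script that tests named shell binaries and prints a verdict for each. This is an added example, not part of the original post or of Red Hat's test; the function names and verdict strings are assumptions.

```shell
#!/bin/sh
# Added example: run the test shown above against specific shell binaries.
# Function names and verdict strings are illustrative assumptions.

# classify_output TEXT: interpret the stdout produced by the test command.
classify_output() {
    case "$1" in
        vulnerable*)      echo vulnerable ;;      # trailing command was executed
        "this is a test") echo not-vulnerable ;;  # only the requested command ran
        *)                echo unknown ;;         # anything else needs a manual look
    esac
}

# check_shell PATH: run the test with PATH as the shell under test.
check_shell() {
    shell=$1
    if [ ! -x "$shell" ]; then
        echo missing
        return 0
    fi
    # x holds a function definition followed by a trailing command.
    # A vulnerable bash runs that trailing command while importing x.
    # stderr is discarded because a patched bash may print warnings there.
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c 'echo this is a test' 2>/dev/null) || true
    classify_output "$out"
}

# report PATH...: print one verdict per path; return 1 if any is vulnerable.
report() {
    rc=0
    for s in "$@"; do
        verdict=$(check_shell "$s")
        printf '%s: %s\n' "$s" "$verdict"
        if [ "$verdict" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

# When run as a script with arguments, check each path given.
if [ "$#" -gt 0 ]; then report "$@"; fi
```

Saved under a name of your choice, it can be run as `sh check.sh /bin/bash /bin/sh`; on OS X `/bin/sh` is itself a build of bash, so both paths are worth checking.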

Download OS X Bash Update

  • OS X 10.7 Lion from here
  • OS X 10.8 Mountain Lion from here
  • OS X 10.9 Mavericks from here
