Apple releases bash patch to plug 'Shellshock' security flaw in OS X Mavericks, Mountain Lion, Lion
As promised, Apple on Monday issued OS X bash Update 1.0 for OS X Mavericks, Mountain Lion and Lion, targeting the recently discovered "Shellshock" security flaw originating in the bash UNIX shell.
Following revelations that Shellshock was in the wild, Apple last Friday said that, while most consumers would go unaffected, it was working to patch the problem. That fix was released today for OS X 10.9 Mavericks, OS X 10.8 Mountain Lion and OS X 10.7 Lion.
"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services," an Apple spokesperson said last week, adding that the company is "working to quickly provide a software update for our advanced UNIX users."
Mac owners running Mavericks can download the 3.4MB patch through Apple Support website, as can users operating Mountain Lion and Lion. For Mountain Lion, the fix comes in at 34.3MB, while the Lion download clocks in at 3.5MB. Alternatively, the patch is available through Software Update.
Following revelations that Shellshock was in the wild, Apple last Friday said that, while most consumers would go unaffected, it was working to patch the problem. That fix was released today for OS X 10.9 Mavericks, OS X 10.8 Mountain Lion and OS X 10.7 Lion.
The bug, dubbed "Shellshock" by the computer security community, is theorized to be built in to every version of bash since the system's inception in 1989. A remote attack, nefarious users could potentially issue commands to an affected computer with the intent of gathering information modifying system files and more.This update fixes a security flaw in the bash UNIX shell.
"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services," an Apple spokesperson said last week, adding that the company is "working to quickly provide a software update for our advanced UNIX users."
Mac owners running Mavericks can download the 3.4MB patch through Apple Support website, as can users operating Mountain Lion and Lion. For Mountain Lion, the fix comes in at 34.3MB, while the Lion download clocks in at 3.5MB. Alternatively, the patch is available through Software Update.
Comments
I guess since Yosemite DP9 is tomorrow they’re ignoring us for now.
http://tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html
Should be all you need to fix it. I still run Tiger on my Cube as a music server, and on my 12" PB (admittedly, I don't use that one much anymore).
It's only 3.3MB, just another typo.
Thx.
Tiger server with no 3rd party on it (had Moodle, that's gone along with the supporting MySQL and PHP that I believe needed to call bash).
Tuesday morning, not showing up in my Software Update for Mavericks.
More annoyingly, now I have to obtain a patch for our Snow Leopard server. (Yeah, Snow Leopard is old, but like other server admins I avoid updating the OS unless it's unavoidable.)
Tuesday morning, not showing up in my Software Update for Mavericks.
Wish it would show up there. Would make it a heck of a lot easier to tell my folks how to do the update. Any one know what it doesn't appear in the software update? I thought we were past the days of having to download a package from a web address and running an installer. Sure, its simple enough for most of us here to do, but what about parents/grandparents who don't know this site exists?
If they're not running a public server, they don't have anything to worry about.
And Snow Leopard??
If they're not running a public server, they don't have anything to worry about.
I know there were some concerns originally about how DHCP is handled and if that could be exploited. The word today is that normal clients need not worry, but still why not just added it to the updates? My parents heard about the exploit on the news. They know "the issue" is out there, Apple has the patch, why not make it simple to get and install? For them the problem would be "fixed".
Oh yeah, I forgot about the DHCP exploit. It should be trivial for Apple to add the installer to the Mac App Store.
There are instructions on how to patch your system there too.
Want to help contribute to the project? Click on the GitHub link in the header and send in a pull request.
Thanks!
For more information about Shellshock, along with a website and standalone server tester you can visit https://shellshocker.net/
There are instructions on how to patch your system there too.
Want to help contribute to the project? Click on the GitHub link in the header and send in a pull request.
Thanks!
Any one know what it doesn't appear in the software update? I thought we were past the days of having to download a package from a web address and running an installer. Sure, its simple enough for most of us here to do, but what about parents/grandparents who don't know this site exists?
It has nothing to do with a person's age. It applies to all people who simply don't read computer news sites at all, let alone Apple rumor sites. We should certainly be beyond the days of having to search various websites to find an OS update.