Did Apple simply update the version of Bash? As I recall, the version that ships with OS X is years old.

It is highly doubtful that we will see Apple updating to current release of BASH due to GPL 3. Frankly I think they are doing the right thing in that regard. It would be nice to see them fork BASH to continue development of the GPL 2 version.
 
Will be interesting to see the adoption rate given the news Apple has had the last few days alone.

However, I wonder how many average consumers (who don't frequent tech news sites) are aware of such issues.
 
It is highly doubtful that we will see Apple updating to current release of BASH due to GPL 3. Frankly I think they are doing the right thing in that regard. It would be nice to see them fork BASH to continue development of the GPL 2 version.

They don't need to fork or backport patches because luckily the GNU project provides patches for even older versions: http://ftp.gnu.org/gnu/bash/
bash 2.05b is from 2002 and even that one got an update. :eek:
 
I still have some servers running 10.2, 10.4 & 10.5 besides my desktop running 10.6
Fortunately there are some places to download binaries. I saw the tenfourfox site had some instructions for the rest of us.
Oh and how could I forget my mail server running 9.0.4!
 
It is highly doubtful that we will see Apple updating to current release of BASH due to GPL 3. Frankly I think they are doing the right thing in that regard. It would be nice to see them fork BASH to continue development of the GPL 2 version.

So you think they made a fork of an old version with the bug fixed?
 
What about 10.6.8

So I have one old iMac that is running 10.6.8 and cannot be updated further. It is linked to a half dozen other Macs on our network. It does not look like Apple will be doing anything to protect 10.6 users. Will that put all other computers on our network at risk?

Running 27" iMac 3.4 with Mavericks 10.9.5
 
Still not showing up for me. Could just be a delayed distribution to different user regions, but maybe it's because I had already installed the MacPorts version of bash and now Software Update thinks I don't need the update? That would be unfortunate because the installed Apple version remains vulnerable on my machine. I'll wait and see what happens in the next few hours, and then remove the MacPorts version if it still doesn't show up.

----------

So does this mean I should be concerned with running Yosemite full time?

No. Unless you have network services, such as Apache web server, running and accessible to the wider internet. That's rarely the case with a regular Mac. As Apple stated, only "advanced" users would be affected by this problem. Have you turned on any such advanced features and opened up additional network services to the outside world?

----------

I haven't seen it mentioned yet, but is bash installed on iOS? Is iOS vulnerable, as well, given its always-on nature?
 
It's a very highly published and potently exploitable bug. You don't need to be running a server for it to be exploited.

It could, for example, be exploited by malware that you download. The bash patch should be applied by everyone.

That's like saying that the door of my house is not safe, because someone could climb through my windows and open it from inside.

If you were stupid enough to have downloaded malware, that malware doesn't need to exploit any bugs in bash. It can just use bash.
 
Maybe those responsible for iOS8 will feel just a tad guilty now after just having received a pat on the back from Tim for all their hard work, in addition to 3 extra days off during Thanksgiving week?

Not saying they don't deserve it but, c'mon guys... maybe a little more intensive testing and debugging.
 