Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services
- Thread starter MacRumors
- Start date
- Sort by reaction score
I think Apple has been slow because they use an old version of Bash and have to backport the fix to it, test it, test it again, etc. It's not as easy as grabbing the patch from Linux or BSD and applying it.
I have no idea why they don't just use an updated version of Bash.
Nope. The fact that windows doesn't even have a terminal is a flaw in itself. And nope, windows power shell is a joke.
There's some fixes you can try at http://apple.stackexchange.com/ques...e-remote-exploit-cve-2014-6271-and-cve-2014-7
I already patched using the method with Xcode (you'll need to install it from the App Store) - very easy.
I already patched using the method with Xcode (you'll need to install it from the App Store) - very easy.
This is incorrect. The patch they released is incomplete: http://seclists.org/oss-sec/2014/q3/685. There's a new version as of a couple of hours ago, but that one still needs to be tested, let alone ported to Apple software.
I would add to the click-baiting headline that this particular exploit is in fact unlikely to affect the vast majority of OS X users, except that their home router or the Internet websites they visit may be compromised, same as users of every other operating system.
That would be amusing indeed. 99% of security holes exist on M$ products. This is nothing. The only issue is that it's so widespread and much of the software will never be patched.
Actually the patch that I used as I noted in the above message worked great and the terminal test for showing the vulnerability (env x='() { :;}; echo vulnerable' bash -c "echo this is a test") showed the patch worked.
Windows does not need a terminal and it has a command line interface. Type "cmd.exe" and there is the Windows "Terminal".
The OS's have a very different architecture. I like both and use both.
----------
This. Mil-spec is required for private appointments and birthdays, documents like cooking recipes and calculations about the true costs of your cars.
Sorry bud. You picked the wrong forum member to call an apple basher. Jsameds is a certified apple lover. Post history will verify.
There are some who think if you are a fan of apple you automatically give up the ability to criticize them when mistakes are made. You must praise, excuse, or cast a wide net snaring other companies with issues; but never criticize.
Thankfully the vast majority of this forum can rationally evaluate issues on their merits and render an opinion based on the actual issues.
The smaller iPhone has a weak point there too; it's because of the buttons which of course require a hole in the case. That's a natural weak point.
As for why the plus bends more easily than the non-plus, I'm not sure. Of course it being smaller means it's harder to bend unintentionally (smaller size means less force) but it also seems to be harder to bend intentionally. Which, given that it's also slightly thinner than the 6 plus, I can't really explain.
Very offtopic here - I joined the discussions and gave up, too many "fanboys" in this forum. I sum it up with "A bent iPhone is nothing what iPhone users really want". Everybody can deal with this according to personal preferences.
Now I know you can execute some BASH commands from within iOS, does anyone know if iOS is vulnerable?
(We don't have a BASH shell to manipulate as a user in iOS, but that doesn't mean one isn't sitting in there where we can't get to it)
(We don't have a BASH shell to manipulate as a user in iOS, but that doesn't mean one isn't sitting in there where we can't get to it)
So it's more likely to directly affect my web host than me? Is something like Forklift a conduit for this vulnerability?
Nothing. They're still worth billions of dollars and are not dying just because farewelwilliams says "you're out", your opinion ain't that powerful. Apple watch is a new product category, which are traditionally announced many months before they launch. Think iPhone, iPad. As for your iPhone that you apparently still don't have, maybe you should have thought of that and pre-ordered earlier than you did if you absolutely MUST have it within a week of it's launch. Otherwise, you'll get it next month because it's a brand new product and supplies are a bit constrained. God, what a baby...
it seems to me that if someone is in a position to run bash scripts, then they already have the access they need, unless I am missing something.
unless this is like an SQL injection exploit?
unless this is like an SQL injection exploit?
Huh? A flaw that is inherent in Linux/Next/OSX is suddenly Apple's fault?
Today's Operating systems are very complex with millions of lines of code. Things like this are bound to happen.
I turn my Windows PC and I have a ton of updates EVERYDAY. Lets not get into Windows vs Mac here.. just saying.
That's very simplistic. You checked that one symptom of the vulnerability is gone. There may be other symptoms that are less visible that need fixing. There may be required functionality that is negatively affected. You don't want a patch that fixes the vulnerability but breaks half of the functionality of bash.