Tuesday 30 September 2014

OS X Bash Update 1.0 Released to Address Shellshock Security Flaw

Apple has released an important security update for Mac users, labeled as OS X Bash Update 1.0. The update addresses a recently discovered critical security flaw known as “Shellshock” that impacts the bash shell, the default shell used by the Terminal app of OS X, and is recommended for all users to install even if they don’t use the Terminal app, bash, or command line on the Mac.

The download is very small, weighing in around 3.5MB, and the release notes simply state “This update fixes a security flaw in the bash UNIX shell.” The security patch is currently available as three separate downloads for OS X Mavericks 10.9.5, OS X Mountain Lion, and OS X Lion. A bash patch for the OS X Yosemite Public Beta and Developer Preview releases is not yet available.
Users can download the appropriate DMG file for their version of OS X via the links below:
Note that Mac users must be on the latest versions of their respective releases to install the update. Despite being a small update, it’s good practice to do a quick backup of your Mac with Time Machine or your backup software of choice before installing any system updates.
At the moment, the OS X Bash Update is only available through the Apple Support website, but presumably will also be released through the Software Update mechanism of OS X in the near future.
Though it’s unlikely that most Mac users have been impacted by any particular security breach, or are at risk of a breach from the Shellshock bash exploit, it’s still a good idea to install critical security patches like this. Apple previously offered the following statement to MacRumors regarding the flaw and who it could impact:
“Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
The “advanced UNIX services” that Apple references are presumably Remote Login and the SSH server, which allow for remote administration, though a user would still need a valid login to gain access to a Mac. Another theoretical attack vector is the optional OS X Apache web server, which allows Mac users to host webpages directly from their Mac. Again, it’s fairly unlikely that many Mac users have been at risk, even if they use the Remote Login or web server features of OS X.
Source: http://osxdaily.com/2014/09/29/os-x-bash-update-1-0-shellshock-patch/