Tag: shellshocked

Apple is no longer shellshocked

tim-cook-securityApple has finally released updates to protect Mac OS X systems from the dangerous “Shellshock” bug.

The osxPatches are available via Software Update, or from the following links for OS X Mavericks, Mountain Lion, and Lion.

What is amazing is the amount of time that Apple has taken to get the patch to its users. Given that it was given a patch by open sources weeks ago.

Sources within Apple suggest that the company did not want to trust any outsider when it came to the patch and ordered its software engineers to come up with a version of its own. This resulted in a long delay.

It was also not helped by Apple claiming that it was invulnerable to the Shellshock bug.

“With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services,” an Apple spokesperson said last week, adding that the company is “working to quickly provide a software update for our advanced UNIX users.”

Shellshock has been built in to every version of bash since the system’s inception in 1989. A remote attack, nefarious users could potentially issue commands to an affected computer with the intent of gathering information modifying system files and more.

Mac owners running Mavericks can download the 3.4MB patch through Apple Support website, as can users operating Mountain Lion and Lion. For Mountain Lion, the fix comes in at 34.3MB, while the Lion download clocks in at 3.5MB. Alternatively, the patch is available through Software Update.

Apple not worried about being Shellshocked

tim-cook-securityWhen the Shellshock security hole was revealed, Apple users were warned that it would affect all users of the Mac operating system.

Given that Apple can send out updates, and the Shellshock vulnerability is comparatively simple to fix, one would expect Jobs’ Mob to send out an update smartly.

Apple has made a statement that it was “working to quickly provide a fix” to the vulnerability. However, a company spokesperson said that most Mac OS X users have nothing to fear as Apple gear was invulnerable to any attack.

“OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

Chet Ramey, the maintainer of bash, said in a post to Twitter that he had notified Apple of the vulnerability several times before it was made public, “and sent a patch they can apply” and “several messages”,

However Jobs’ Mob has not already packaged that fix for release and has largely ignored the problem.  The problem is that Apple refuses to trust anyone and is insisting that its own developers make modifications to the bash code.