Last updated: October 24, 2017
Apple released a Bash security flaw patch on Monday, September 29, 2014. The vulnerability impacts Unix-based systems, and was discovered and announced by a Red Hat security team. Called “Shellshock” (CVE-2014-6271), the Shellshock bash vulnerability allows an attacker to inject malicious code into your machine using a bash script.
The flaw has been present for a couple of decades, but Apple said that it posed no risk to most users of Mac OS X. Nonetheless, the company issued a patch for the flaw four days after it was first announced. Publicly commenting to iMore, an Apple spokesperson said:
The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson told iMore. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.
Apple has provide different Web pages containing the patch for each of the following OS X versions:
Information about the patch specific for OS X Mavericks, and to download the patch, please visit this Apple support page.
Information about the patch specific for OS X Mountain Lion, and to download the patch, please visit this Apple support page.
Information about the patch specific for OS X Lion, and to download the patch, please visit this Apple support page.
Thank you for visiting Tech Help Knowledgebase to learn about the Bash security flaw patch.