“Shellshock is the nickname for a flaw in the Bourne Again Shell, or Bash, which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer,” Kirk reports. “Apple, which plans to patch the flaw, said most users are fine unless they’ve tweaked advanced Unix settings.”
“Bash would be exposed if a user turned on the remote login capability for all users, including guests,” Kirk reports. “Another scenario in which adjusted settings could make a difference is on a Lion OS X server running Apache or PHP scripting environments… If Apache is configured to run scripts, an attacker could insert variables into a script that a Bash shell would run.”