Two rather rare scenarios that can make OS X vulnerable to the Shellshock Bash bug

“Apple’s OS X is vulnerable to the Shellshock bug, but it’s not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system,” Jeremy Kirk reports for PCWorld.

“Shellshock is the nickname for a flaw in the Bourne Again Shell, or Bash, which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer,” Kirk reports. “Apple, which plans to patch the flaw, said most users are fine unless they’ve tweaked advanced Unix settings.”

“Bash would be exposed if a user turned on the remote login capability for all users, including guests,” Kirk reports. “Another scenario in which adjusted settings could make a difference is on a Lion OS X server running Apache or PHP scripting environments… If Apache is configured to run scripts, an attacker could insert variables into a script that a Bash shell would run.”

Read more in the full article here.

Related articles:
Apple: Vast majority of OS X users safe from ‘Shellshock’ bash exploit, patch coming quickly for advanced Unix users – September 26, 2014
The Bash ‘Shellshock’ bug and workaround – September 25, 2014
U.S. government warns of Bash flaw affecting Apple’s OS X, other Unix-based systems – September 25, 2014


  1. Other equally likely scenarios that could allow access to your information are:
    – Leaving your computer at Starbucks, logged in
    – Walking around the shady side of town asking people if they’d like to access your information.

    1. Share your information on Facebook such as your DOB, parents name, school names, old friends, children etc… Make it easy to social engineer and get access to your accounts.

      Ah yes, use one password with the same email address (that is so easy to find) on all websites. That will really confuse identify theft people; after all how damn stupid can anyone be.

    2. Sorry. Only gave you 1 star. This is infinitely more information than Apple gave out. I just checked and turned off “all” on one of my machines. Don’t know how it got selected. My account name was in the ‘only these users’ box. Just the radiobutton was wrong.

    1. trondude…. that is a samsung android cheapie that you are using…. no wonder it sucked so bad. The Apple iPhone is the other one, you know, the one that does not come as BOGO.

      Just saying. 🙂

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.