“Apple’s OS X is vulnerable to the Shellshock bug, but it’s not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system,” Jeremy Kirk reports for PCWorld.
“Shellshock is the nickname for a flaw in the Bourne Again Shell, or Bash, which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer,” Kirk reports. “Apple, which plans to patch the flaw, said most users are fine unless they’ve tweaked advanced Unix settings.”
“Bash would be exposed if a user turned on the remote login capability for all users, including guests,” Kirk reports. “Another scenario in which adjusted settings could make a difference is on a Lion OS X server running Apache or PHP scripting environments… If Apache is configured to run scripts, an attacker could insert variables into a script that a Bash shell would run.”
Read more in the full article here.
Apple: Vast majority of OS X users safe from ‘Shellshock’ bash exploit, patch coming quickly for advanced Unix users – September 26, 2014
The Bash ‘Shellshock’ bug and workaround – September 25, 2014
U.S. government warns of Bash flaw affecting Apple’s OS X, other Unix-based systems – September 25, 2014