Bash Bug Doesn’t Affect OS X Users, Claims Apple
A new security report yesterday discovered a loophole in the vastly used Bash utility of Linux and OS X. Termed as Shellshock or Bash bug, reports indicated that the bug is of major importance and was termed as something more dangerous than the Heartbleed with potentially long term influence. Using the Bash utility, a hacker could initiate a variety of attacks by adding an additional code affecting servers, devices, and most importantly, internet of things. Red Hat, the security firm responsible for this discovery suggested that the Bash bug could easily be fixed by restricting the additional code. However, it noted that patching will not be an easier job considering the exploit has remained undetected for years in enterprise level linux software and OS X.
Shellshock in OS X:
Shellshock affects any and all the Unix or Linux based operating systems. In a recent report, Apple has now issued a statement claiming that the vast majority of OS X users are in fact not at the risk of the Bash vulnerability and Cupertino is working towards releasing a patch.
The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.
The statement was released to iMore by Apple and perhaps would work as some helpful message for OS X users. Apple is having a bad month this September with consecutive scandals and mess-ups happening. From the loophole responsible for nude celebrity leaks of which Apple was already aware to the issues with iOS 8 and the iOS 8.0.1 update, the list is becoming endless. We do hope that OS X is actually not at the mercy of Shellshock and would not end up in major attacks over the internet.
- Source: iMore