Update: Apple Fixes: Bash is vulnerable!

Urgent Urgent~! Don’t look the other way from this one.

What is BASH? That’s an easy one: Bourne-Again SHell. A pun in that Bourne was the name of an originator of the predecessor Shell.

What is a Shell? Easy as well. An interface, basically, that allows one to directly speak to an operating system and give it instructions that it will follow. If you have done a ping or ipconfig, you have probably done it through a shell. Most every computer running a variant of Unix will likely have Bash since it is the open source version that nearly everyone picks.

But, let’s be clear here…if you did an ipconfig it was likely on a Windows computer and it isn’t running Bash.

But at this time your mac is running Bash, and it is vulnerable. Are you connected on a network? Are you certain that your sharing isn’t set up incorrectly?

Do you have a website running on a Linux server?

Either way, run this command in your terminal program:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If the response is Bash is vulnerable, then you’ll be wanting to fix that. There are already bots running around exploiting this flaw.

Here is the link that Digital Ocean sent to their clients:

How to Protect your Server Against the Shellshock Bash Vulnerability | DigitalOcean

Drop everything. At least make your servers safe, because there are already botnets running around with exploits.

For the truly bold – your author just did this successfully with his OSX 10.9.5 MacBook Pro – there is a solution to rebuild bash at:

Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here’s How to Patch OS X « Mac Tips

Another:

security – How do I recompile Bash to avoid Shellshock (the remote exploit CVE-2014-6271 and CVE-2014-7169)? – Ask Different

The other side of the panic for those with personal computers is that you have to logged in and that is with a password, right?

Leave a Reply