Apple: Majority of OS X users are not at risk to recently reported bash vulnerabilities
Posted by: Jon Ben-Mayor on 09/27/2014 05:54 AM [ Comments ]
The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.
The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.
Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines, according to the BBC.
The Hacker News picked up the public statement from Apple in response to this issue, assuring its OS X users that most of them are safe from any potential attacks through the ShellShock Vulnerability, which security experts have warned affect operating systems, including Mac's OS X.
"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," Apple said. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."
Screenshot from Robert Graham, Errata Security .
According to Apple, in OS X majority of users are considered to be safe so long as they haven’t configured any advanced access. Soon the company will also issue an OS X update to fix the potential hole, till then the OS X users are advised to make sure that they don’t enable any advanced UNIX options before the patch releases.
The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.
Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines, according to the BBC.
"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," Apple said. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."
Screenshot from Robert Graham, Errata Security
According to Apple, in OS X majority of users are considered to be safe so long as they haven’t configured any advanced access. Soon the company will also issue an OS X update to fix the potential hole, till then the OS X users are advised to make sure that they don’t enable any advanced UNIX options before the patch releases.
Comments