Apple has finally responded to concerns over the Bash software bug, acknowledging that it is aware of the vulnerability. The company downplayed the risk, saying that the vast majority of OS X users are safe from the exploits.
"With OS X, systems are safe by default and not exposed to remote exploits of bash", an Apple spokesperson said, adding that the bug only affects those who have configured advanced UNIX services. While the Cupertino-based company said it is working to quickly provide a fix for the problem, there was no word on when the update will be released.
Dubbed Shellshock, the vulnerability is caused by a little-known feature that allows Bash to export function definitions from a parent shell to child shells, similar to the way normal environment variables are exported.
In addition to OS X, the bug, which has existed for more than 25 years, also affects Linux systems. Although some of the major Linux distributions, including Red Hat, Ubuntu, and CentOS, immediately shipped patches for the bug, there have been reports that those patches only partially dealt with the problem. Red Hat has acknowledged that the previous patch was incomplete and said it was developing a new patch.
Meanwhile, attackers are moving rapidly to exploit the vulnerability. According to an iTnews report, the Wopbot botnet, which is active and scanning the internet for vulnerable systems, has already launched a distributed denial of service attack against Akamai's servers and has also conducted a scan of the DoD's network.