Apple releases patch to fix Shellshock bug in OS XBy Himanshu Arora
Apple has released an update for OS X Mavericks, Lion, and Mountain Lion that patches the recently discovered Shellshock bug in the Bash software used in many Unix-based computers. Dubbed OS X bash Update 1.0, the patch fixes the issues outlined in two common vulnerabilities and exposures (CVE) associated with the bug : CVE-2014-6271 and CVE-2014-7169.
The update comes just a few days after Apple said a vast majority of Mac users are safe from the bug, as it only affects those who have configured advanced UNIX services. The company promised to release a fix soon.
The Shellshock vulnerability is caused by the way in which Bash processes environmental variables, allowing hackers to take complete control of a targeted system. Cybersecurity experts have warned the bug could be even worse than Heartbleed, a critical vulnerability in the widely used OpenSSL security software which caused quite a stir earlier this year.
Meanwhile, exploits of the bug have already been spotted in the wild. A botnet by the name of Wopbot has launched a distributed denial of service attack against Akamai's servers, and has also conducted a scan on the DoD's network.