Apple: ‘Vast majority of OS X users’ need not worry about Shellshock exploit



Security researchers recently uncovered a bug in Bash, a core shell tool used in Linux and Unix computers for the last couple of decades. OS X is built on Unix, so concern arose about the Mac’s vulnerability to hackers exploiting Bash to remotely run code without the user’s consent.

Dubbed “Shellshock,” the exploit has been compared to the Heartbleed hack from earlier this year. Apple has quelled everyone’s fears by saying that the “vast majority of OS X users” are not vulnerable to Shellshock.

“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson told iMore. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

So if you don’t even have an idea of what “advanced UNIX services” are, you’re safe. And users advanced enough to know have likely already taken precautions to protect their Macs.

In case you’re still worried, it’s easy to check if your Mac is vulnerable to Shellshock by pasting the following command into Terminal:

env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’

If you’re not vulnerable, you’ll get the following back:

bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ hello

Mavericks is the latest version of OS X that’s susceptible, so those of you already running Yosemite are safe.