X

Apple patches Bash vulnerability on Macs

The company said previously that the vast majority of Macs were "safe by default" from the new security vulnerability known as the Bash or Shellshock bug.

Shara Tibken Former managing editor
Shara Tibken was a managing editor at CNET News, overseeing a team covering tech policy, EU tech, mobile and the digital divide. She previously covered mobile as a senior reporter at CNET and also wrote for Dow Jones Newswires and The Wall Street Journal. Shara is a native Midwesterner who still prefers "pop" over "soda."
Shara Tibken
2 min read

phil-schiller-apple-mac-0143.jpg
Phil Schiller, Apple's head of marketing, talks about the company's Mac line during a recent event.

All of Apple's recent Mac computers are now safe from a security flaw that could potentially allow hackers to take over an operating system.

Known as the "="" or="" "bash"="" bug"="" shortcode="link" asset-type="article" uuid="228cc095-2b38-444c-ba66-c7930b67f36b" slug="bigger-than-heartbleed-bash-bug-could-leave-it-systems-shellshocked" link-text="" section="news" title="​'Bigger than Heartbleed': Bash bug could leave IT systems in shellshock" edition="us" data-key="link_bulk_key" api="{"id":"228cc095-2b38-444c-ba66-c7930b67f36b","slug":"bigger-than-heartbleed-bash-bug-could-leave-it-systems-shellshocked","contentType":null,"edition":"us","topic":{"slug":"cybersecurity"},"metaData":{"typeTitle":null,"hubTopicPathString":"Tech^Services and Software^Online^Cybersecurity","reviewType":null},"section":"news"}"> , the latest vulnerability for the world's computers involves the execution of malicious code within a bash shell -- a command-line shell used in many Linux and Unix operating systems, and by Apple's Mac OS X operating system.

Apple on Monday said it has now patched the Bash vulnerability for its OS X Lion, Mountain Lion and Mavericks software. The company also created a site for users to download the Bash update.

The move followed a statement by Apple late last week that most Mac users were safe from the security flaw, but it was "working to quickly provide a software update for our advanced UNIX users."

"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems," Apple said last week. "With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."

The Bash glitch is reminiscent of the Heartbleed security flaw that left information stored on data servers potentially vulnerable to hackers. Heartbleed was first identified in April, and an estimated 300,000 servers were still exposed two months later.

Some security experts have said the Bash bug is bigger than Hearbleed because it "interacts with other software in unexpected ways" and because an "enormous percentage" of software interacts with the shell.

Bash, a quarter-century-old security flaw, allows malicious code execution within the bash shell (commonly accessed through Command Prompt on PC or Mac's Terminal application) to take over an operating system and access confidential information.