'Vast majority' of Mac users safe from Shellshock Bash bug, Apple says

Apple says users of its OS X operating system are "safe by default" from the new security vulnerability, which has been described as bigger than Heartbleed.

Apple says that most users of its Mac computers are safe. (Image: Sarah Tew)

Update: Apple published a patch for the "Shellshock" bug on 29 September, though a security firm has suggested that the company's new update doesn't fix every vulnerability.

Apple says that most Mac users are safe from a newly discovered security flaw, one that could -- in principle -- allow hackers to take over an operating system.

Known as the "Shellshock" Bash bug, the latest vulnerability for the world's computers involves the execution of malicious code within a bash shell, which is a command-line shell used in many Linux and Unix operating systems, and by Apple's Mac OS X operating system. Apple, however, says that most people using its software have nothing to worry about.

"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities," an emailed statement from Apple to CNET said.

"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems," it continues. "With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."

The Bash glitch is reminiscent of the Heartbleed security flaw that left information stored on data servers potentially vulnerable to hackers. Heartbleed was first identified in April, and an estimated 300,000 servers were still exposed two months later.

For now, it seems there's nothing ordinary computer users can do to protect against the new security flaw, with the responsibility for patching the potential exploit resting with those who manage Web systems.

"Anybody with systems using bash needs to deploy the patch immediately," Tod Beardsley, an engineering manager at security firm Rapid7, told CNET yesterday.
