Earlier this week, we reported on a newly-discovered security vulnerability, nicknamed ‘Shellshock’, that could affect UNIX-based operating systems including Linux, Mac OSX and Android – potentially even letting hackers overtake an operating system.
People have been calling it “worse than Heartbleed”, but Apple has spoken up to reassure OS X users who are concerned that they might be under threat, and promised that it’s working on a fix right now.
“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” a spokesperson for Apple told TechRadar in a statement.
“Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
If you are in the minority of vulnerable folks that Apple refers to, the advice would be to switch off any of the advance UNIX services for now and hold out for a patch.
Bash has been present in every UNIX system since its introduction in 1989, which obviously means that the extent of the damage is potentially massive.
Which is why we’re crossing our fingers that Apple and other can patch the problem quickly, before the flaw is abused.
Bash vulnerability: everything you need to know