Talking tech since 2003
Apple exploit Heartbleed Linux OS X //security Shellshock Bug Unix

Bash Bug Threatens Mac, Linux Security, and More

by Brian P. Rubin 2 min read

It’s been a few months since we were too worried about general Internet security, so thankfully we have a new exploit to freak out about. Referred to as “the Bash bug” or the “Shellshock bug,” the exploit was written about earlier this week by the Redhat Security Blog – though you’d be forgiven for not completely understanding the post’s dense explanation.

Apparently the Bash Shell has been hanging around since the 1980s, and it’s found in Macs and computers running Linux.

“It is common for a lot of programs to run Bash shell in the background,” says the post. “It is often used to provide a shell to a remote user (via ssh, telnet, for example), provide a parser for CGI scripts (Apache, etc) or even provide limited command execution support (git, etc).”

So here’s the problem:

“Coming back to the topic, the vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents.”

What’s that mean? That machines vulnerable to this bug can be “exploited remotely,” explains TechCrunch. Those machines could include Macs, Linux computers, even Internet of Things devices and smartphones – Android, after all, was built on Linux. Apparently Windows PCs are safe for now, according to another slide from TechCrunch, but who knows how long that will remain true?

In the meantime, the best way to limit your vulnerability is to make sure your machines are running the most up-to-date software. Moreover, while Macs are potentially vulnerable to the Bash bug, a post on CNET offers up a statement from Apple:

“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities. Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”

Of course, with every security exploit that seems to pop up, the best advice is simple and timeless:

[Sources: Redhat Security BlogTechCrunchCNET]

Read more posts by this author

Brian P. Rubin

Brian's been a writer-for-hire for the better part of ten years, creating content for Geek Magazine, Machinima, and even Hasbro's Trivial Pursuit. After living in New York for most of his life, he re

The link has been copied!
You've successfully subscribed to BestTechie
Welcome back! You've successfully signed in.
Great! You've successfully signed up.
Your link has expired
Success! Your account is fully activated, you now have access to all content.