<< August 2014 | Home | October 2014 >>

Bandaid for shellshock vulnerability on OSX Mavericks.

Normally this blog would not discuss security vulnerabilities but since it seems like CVE-2014-6271, given the headline worthy moniker shellshock, will be a doozy we thought we would make a quick mention of how to solve the issue (at least for now) on OSX Mavericks.

You can test to see if you machine is vulnerable by opening your console/terminal

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

We have prepared a short script that you can run under terminal in order to fix the issue. It can be downloaded here.

You will need Xcode in order for the script to do its work.

Have a look at what it does. If you are happy our script is not trying to demolish your machine you can run it, and it will patch your system.

After successfully patching; running the test again will yield...

All done. One assumes Apple will release an official update at some point, so keep an eye out for it.