<< August 2014 | Home | October 2014 >>

About

A chronicle of Kruger Heavy Industries and our adventures in games development, our games and industry zeitgeist.

RSS | Atom | E-mail

Archives

2023	2022
2021	2020 July (1)
2019	2018 June (1) February (1)
2017 July (1)	2016 December (1)
2015 September (1) July (3)	2014 September (1) June (1) May (1) April (1) March (1) February (1)
2013 February (1)	2012 October (2) September (3) May (1) April (1)
2011 December (1) October (2) August (1) July (1) June (2) January (1)	2010 August (1) July (1) June (1) April (3) February (1) January (2)
2009 December (1) November (1) October (2) September (1)

Bandaid for shellshock vulnerability on OSX Mavericks.

Normally this blog would not discuss security vulnerabilities but since it seems like CVE-2014-6271, given the headline worthy moniker shellshock, will be a doozy we thought we would make a quick mention of how to solve the issue (at least for now) on OSX Mavericks.

You can test to see if you machine is vulnerable by opening your console/terminal

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello

We have prepared a short script that you can run under terminal in order to fix the issue. It can be downloaded here.

You will need Xcode in order for the script to do its work.

Have a look at what it does. If you are happy our script is not trying to demolish your machine you can run it, and it will patch your system.

After successfully patching; running the test again will yield...

All done. One assumes Apple will release an official update at some point, so keep an eye out for it.

Tags : bash, shellshock, vulnerability

Responses[2]

Posted by Chris Kruger on 26 September 2014 09:31:00 AWST #