<< Use an Xbox 360 Controller with Cortex Command on the Macintosh | Home | Planetoid Pioneers Ahoy >>

Bandaid for shellshock vulnerability on OSX Mavericks.

Normally this blog would not discuss security vulnerabilities but since it seems like CVE-2014-6271, given the headline worthy moniker shellshock, will be a doozy we thought we would make a quick mention of how to solve the issue (at least for now) on OSX Mavericks.

You can test to see if you machine is vulnerable by opening your console/terminal

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello

We have prepared a short script that you can run under terminal in order to fix the issue. It can be downloaded here.

You will need Xcode in order for the script to do its work.

Have a look at what it does. If you are happy our script is not trying to demolish your machine you can run it, and it will patch your system.

After successfully patching; running the test again will yield...

All done. One assumes Apple will release an official update at some point, so keep an eye out for it.

Avatar: Kranzky

Re: Bandaid for shellshock vulnerability on OSX Mavericks.

 > brew install bash

Re: Bandaid for shellshock vulnerability on OSX Mavericks.

If you have homebrew - you would probably need

> brew update 

> brew upgrade bash 

Then after that the vulnerable system version remains. Better to replace it altogether.