Shellshock: Apple rolls out OS X patches for Bash bug
“Safe by Default” Macs get patched just in case
 
 
Apple has moved to fix the Bash security flaw that affected many of the company's OS X-running computers.
Also known as Shellshock, the bug could allow hackers to take over a victim's computer. The vulnerability involves the execution of malicious code within the Bash command shell, which is used in many Linux- and Unix-based operating systems, such as OS X.
Apple said it has now patched the flaw in its OS X Lion, Mountain Lion and Mavericks software. The company also set up a site for users to download the Bash update.
Following news of the vulnerability, Apple quickly moved to deny there was a problem, saying the vast majority of users shouldn't be affected and that it was working to provide a software update for its advanced Unix users.
"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorised users to remotely gain control of vulnerable systems," Apple said last week.
"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services."
However, while the patch fixes two vulnerabilities, security researchers have discovered a third. According to Greg Wiseman of IT security firm Rapid7, another flaw.
"Amidst the flurry of activity and interest around Shellshock over the last week, several additional bash vulnerabilities have come to light. The initial fix for CVE-2014-6271 was incomplete, leading to CVE-2014-7169 being found," said Wiseman.
He claims to have found the extra vulnerability with a tool called bashcheck, which tests an installed version of Bash for vulnerabilities, and says the tool showed Bash was still vulnerable to CVE-2014-7186. It is feared this could result in a denial-of-service attack preventing a computer from connecting to other networks.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
