TPD
the poor dad
Uh-oh 'Bash' could cause bigger threat to computers than 'Heartbleed'. My Mac isn't even safe from this one.
http://m.huffpost.com/us/entry/5878398
http://m.huffpost.com/us/entry/5878398
Bash security bug
- Thread starter TPD
- Start date
LibertyBeacon
Unto dust we shall return
Your Mac is OK if it isn't a server using bash for CGI scripts -- well bash is still vulnerable, its just that the vectors for attack are limited. The primary vector for attack on client machines that run unix-like operating systems is the dhcp client, which has hooks that call bash to do things like configure routes, the nameserver resolver, and the like. So all an attacker would have to do is stand up a rogue dhcp server and you are owned. However, in the case of Mac OS X, the dhcp client is built in such a way so as not to be vulnerable*. If you are offering sshd, just make sure it's not internet-facing as a mitigation and you'll probably be OK until Apple puts out a patch.
*Source: http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-how-bad-can-it-get/
That link above goes on to point out the biggest problem is likely to be embedded operating systems running things like broadband routers and the like. Many run busybox, which is not vulnerable, but many run bash which is going to be problematic.
So go ahead and return to being a smug Mac owner
Last edited: