Jump to content

BASH vulnerability patching for PPC/Intel OS X 10.4 to 10.9

verdant

By verdant,
in Reader News and Reviews

 Share
8 posts in this topic

Recommended Posts

verdant
verdant
Posted
Posted

Just to alert everyone running OS X to Cameron Kaiser's (of TenFourFox fame) universal (PPC/Intel OS X 10.4 thru to 10.9) new bash patch compiled from the newly patched source code, that is easy and quick to apply!

  • Like 4
Link to comment
Share on other sites
atlee
atlee
Posted
Posted

Hi Verdant,

 

You are only vunerable if someone already has access to your system. Without the attackers public key being stored under authorized_keys they have no way in. Yes it's a bad exploit but this exploit cannot be taken any further without any sort of access to begin with within a system. I have tested the exploit remotely on a system with an old version of bash and the simple vunerability test makes it no further.

 

atlee

Link to comment
Share on other sites
verdant
verdant
Posted
  • Author
Posted

Hi Atlee,

 

Even if attackers have no current access to a person's OS X system, given that Cameron Kaiser's bash patch fixes the two reported bash vulnerabilities in a quick and easy way, it does not make sense (at least to me) to continue using a vulnerable bash version when one can readily update bash to a non-vulnerable version, giving more peace of mind....but each OS X user has to make their own choice of how to react to the bash vulnerabilities reported.

Link to comment
Share on other sites
atlee
atlee
Posted
Posted

Hi Atlee,

 

Even if attackers have no current access to a person's OS X system, given that Cameron Kaiser's bash patch fixes the two reported bash vulnerabilities in a quick and easy way, it does not make sense (at least to me) to continue using a vulnerable bash version when one can readily update bash to a non-vulnerable version, giving more peace of mind....but each OS X user has to make their own choice of how to react to the bash vulnerabilities reported.

I should of really stated media is over-hyping a problem to make it seem more worse then it is. e.g. bigger then heart bleed omg :/ meltdown :) but at the end of the day fixing security holes is better then leaving yourself open.

Link to comment
Share on other sites
verdant
verdant
Posted
  • Author
Posted

Cameron Kaiser has posted a revised BASH version 4.3.27 to fix a 3rd vulnerability that has come to light.......just overlay it over your old copy of 4.3.26........ ;)

Link to comment
Share on other sites
verdant
verdant
Posted
  • Author
Posted

Cameron Kaiser has posted a BASH version 4.3.28 patch to fix all five currently known internal vulnerabilities.......just overlay it over your old copy of 4.3.2x........

Link to comment
Share on other sites
  • 2 weeks later...
 Share
Go to topic listing
×
×
  • Create New...