RobertX Posted September 30, 2014 Share Posted September 30, 2014 ...hi, this has been bugging me... ....it seems like an exploit that could really do harm...therefore I'm posting this as a public service to all concerned...take it or leave it...it is what it is...both my boxes were vulnerable, and I'm assuming so are most if not all of yours...so until apple gets the fix...here is a link to a manual update of bash in Terminal... tenfourfox.blogspot.com/2014/09/bashing-bash-one-more-time-updated.html (just copy and paste into your address bar...my mistake) Link to comment Share on other sites More sharing options...
MacUser2525 Posted September 30, 2014 Share Posted September 30, 2014 Get it from Apple. http://support.apple.com/kb/DL1769 1 Link to comment Share on other sites More sharing options...
RobertX Posted September 30, 2014 Author Share Posted September 30, 2014 Get it from Apple. http://support.apple.com/kb/DL1769 ...apple applied the fix without updating bash version... Link to comment Share on other sites More sharing options...
MacUser2525 Posted October 1, 2014 Share Posted October 1, 2014 ...apple applied the fix without updating bash version... That is generally what is done no sense introducing new breakage when you know the old... Link to comment Share on other sites More sharing options...
RobertX Posted October 1, 2014 Author Share Posted October 1, 2014 ...well, I installed the fix from apple(installed over my manually updated bash)...it appears to address all exploits reported(public and private) that I'm aware of after fix applied, from terminal: /bashcheck-master/bashcheckNot vulnerable to CVE-2014-6271 (original shellshock)Not vulnerable to CVE-2014-7169 (taviso bug)Not vulnerable to CVE-2014-7186 (redir_stack bug)Test for CVE-2014-7187 not reliable without address sanitizerVariable function parser inactive, likely safe from unknown parser bugs Link to comment Share on other sites More sharing options...
Recommended Posts