Jump to content

BASH vulnerability patching for PPC/Intel OS X 10.4 to 10.9

verdant

By verdant,
in Reader News and Reviews

 Share
8 posts in this topic

Recommended Posts

verdant
verdant
Posted
Posted

Just to alert everyone running OS X to Cameron Kaiser's (of TenFourFox fame) universal (PPC/Intel OS X 10.4 thru to 10.9) new bash patch compiled from the newly patched source code, that is easy and quick to apply!

  • Like 4
atlee
atlee
Posted
Posted

Hi Verdant,

 

You are only vunerable if someone already has access to your system. Without the attackers public key being stored under authorized_keys they have no way in. Yes it's a bad exploit but this exploit cannot be taken any further without any sort of access to begin with within a system. I have tested the exploit remotely on a system with an old version of bash and the simple vunerability test makes it no further.

 

atlee

verdant
verdant
Posted
  • Author
Posted

Hi Atlee,

 

Even if attackers have no current access to a person's OS X system, given that Cameron Kaiser's bash patch fixes the two reported bash vulnerabilities in a quick and easy way, it does not make sense (at least to me) to continue using a vulnerable bash version when one can readily update bash to a non-vulnerable version, giving more peace of mind....but each OS X user has to make their own choice of how to react to the bash vulnerabilities reported.

atlee
atlee
Posted
Posted

Hi Atlee,

 

Even if attackers have no current access to a person's OS X system, given that Cameron Kaiser's bash patch fixes the two reported bash vulnerabilities in a quick and easy way, it does not make sense (at least to me) to continue using a vulnerable bash version when one can readily update bash to a non-vulnerable version, giving more peace of mind....but each OS X user has to make their own choice of how to react to the bash vulnerabilities reported.

I should of really stated media is over-hyping a problem to make it seem more worse then it is. e.g. bigger then heart bleed omg :/ meltdown :) but at the end of the day fixing security holes is better then leaving yourself open.

verdant
verdant
Posted
  • Author
Posted

Cameron Kaiser has posted a revised BASH version 4.3.27 to fix a 3rd vulnerability that has come to light.......just overlay it over your old copy of 4.3.26........ ;)

verdant
verdant
Posted
  • Author
Posted

Cameron Kaiser has posted a BASH version 4.3.28 patch to fix all five currently known internal vulnerabilities.......just overlay it over your old copy of 4.3.2x........

  • 2 weeks later...
 Share
Go to topic listing
×
×
  • Create New...