Monday, September 29, 2014

New Security Flaws Render Shellshock Patch Ineffective

Your system is still vulnerable to the Shellshock bug, even if you’ve patched it. Security researchers have found new flaws in bash, rendering previous patches ineffective.






The bash shell is an omnipresent command-line interpreter used by default in Unix and Linux, and by extension, Apple’s OS X software. The shell itself is decades old, and it turns out the bug has been present for the last 22 years without detection.


Linux stewardship company Red Hat released a series of fixes to patch up the eight or so versions of bash that were vulnerable. On Friday, Red Hat released a second round of patches to resolve newly discovered security flaws, and those discoveries keep coming.






Google security researcher Michal "lcamtuf" Zalewski has been tweeting as he uncovers increasingly serious vulnerabilities in the bash shell. He recommends Red Hat security researcher Florian Weimer’s still-unofficial patch.


At the moment, the only people who need to worry about patching the Shellshock bug right away are system administrators and people who have tweaked the advanced Unix settings on machines running OS X or Linux.


“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” Apple said.









via Web News Blogs http://ift.tt/YBS9fr
