Bash bug

[Xairbusdriver]

QUOTE

If you can remain calm while those around you are in a panic, you probably don't understand the situation.

That's why they trained us to whistle while we walked to the back with our parachutes on...

[Paddy]

To clarify, since clarification seems necessary...I'm not suggesting that Apple et al not patch this bug, not at all. Nor am I suggesting that they should take their sweet time doing it. Just that there seemed to be a lot the-sky-is-falling-this-is-worse-than-Heartbleed-OMG sort of headlines out there and the truth is, as Tacit states, that for most of us, it's not going to be an issue on our own computers. I'm not for a moment saying that it couldn't be a big mess if some major websites, many of which run on Linux and use Apache, were compromised by clever hackers, and there are many, many ways that hackers could create havoc on the internet with this thing if it isn't patched. That, I think is probably the biggest threat, and it is definitely something that needs to be attended to ASAP. I've checked my own sites on Hostgator, and it would appear that Hostgator has patched their servers.

Meanwhile, we wait.

[Xairbusdriver]

I suppose it's finally time for mr to get 10.9.5! Apple has issued a minimal fix for the "Shell Shock/bash Bug" for Mavericks (and also 10.7 & 10. but to get the fix, one must also have the last update for each OS: 5 If you have that, you should find the bash bug fix in the MAS.

[Paddy]

BTW - at the moment (at least) it's a manual update, not available via Software Update. You can download it here:

http://support.apple.com/kb/DL1769?viewloc...mp;locale=en_US

Lots of discussion of the patch in the comments section at Ars Technica's article on the update: http://arstechnica.com/apple/2014/09/apple...0-7/?comments=1

It would appear from the comments that Apple went above and beyond with the patch (which is good) although there is some quibbling about details.

I'm assuming that it will appear via Software Update shortly (though it's been a rather long 15+ hours since it first appeared, so not sure what the delay is).

[Xairbusdriver]

I assumed that it didn't show in SU since I had already downloaded it from the link you posted. Doesn't really make sense, however, since I did not install it until I updated Mavericks. One report I read before posting yesterday said it was at SU but I had not updated to 10.9.5, again, I assumed it was because I didn't have the minimum OS. One "assumption" is bad enough! When I make two, the same day...

BTW, the patch is also available for:

<Lion (10.7.5)>
<Mountain Lion (10.8.5)>

As most are aware, Apple has stopped support (except Security updates) for Snow Leopard (10.6). However, if you'll download Xcode 3.2, there are files that you can use to compile a version with the patch.

[jchuzi]

For those who need a link to the instructions for manually installing the fix, read How to unofficially fix the ‘Shell Shock’ bash vulnerability in OS X. I'm merely posting this; I haven't installed it yet nor am I sure that I will.

[krissel]

For those who are still running earlier OSXs, here is a patch for 10.4 and up on Intel and PPC.

http://tenfourfox.blogspot.com/2014/09/bas...me-updated.html

[gunug]

For better or worse I ran the non-automatic fix on my office MacPro (on the 10.9.5 partition), everything seems to be fine and it passes the BASH test.  I will check out the fix on the 10.6.8 partition and my carry around Macbook Pro later.  I wondered what all of this might have to do with our older cloning procedure, which boots up a Novell Linux with a BASH shell; all I got from the pertinent guy in networking is a laugh.  The older one is
only used to put Windows XP onto computers to go to sale, we aren't paying to upgrade computers to sell for pennies on the dollar!

[jchuzi]

How to create a ‘Shell Shock’ Bash Update installer for OS X 10.6

[jchuzi]

Two scenarios that can make OS X vulnerable to the Shellshock Bash bug