Apple releases OSX bash update 1.0, patching shellshock vulnerability



Apple has just released the Bash Update 1.0, for OS X Mavericks, Mountain Lion, and Lion. The patch fixes the infamous “Shellshock” bug in the Bash shell.

The update can be installed from OS X Software Update: for older OSX versions there are separate downloads for Mavericks, Mountain Lion and Lion.

There is currently no patch for machines running the public or developer builds of OS X Yosemite.

After patch installation, you can test your system by running this command from Terminal:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you’re not vulnerable, you’ll get this result:

bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' hello

If you are still vulnerable, you’ll get:

vulnerable hello

Published: September 30 2014