Yesterday, it was revealed that security researchers from Red Hat uncovered a major exploit in the “Bash” command shell found in OS X and Linux. Named “Shellshock” by security experts, the exploit allows hackers to gain access to web connected devices and services through the use of malicious code.
Now, an Apple spokesperson (via iMore) has commented on the matter, stating that the majority of OS X users are safe from the exploits and that the company is working to provide a software update for advanced UNIX users:
The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson told iMore. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.
The exploit was called “as big as Heartbleed” by security researcher Robert Graham, who was referring to a flaw discovered in the popular open-source software OpenSSL that affected 66% of the Internet earlier this year. Apple eventually announced that Heartbleed did not affect its software or key services, and also released updates for AirPort Extreme and Time Capsule. It is likely that a fix for the Bash exploit will arrive relatively soon for users.
Recent Mac and iOS Blog Stories
• Apple’s iPhone 6 and 6 Plus Quickly Dominate Japanese Smartphone Sales
• Apple Launches Yosemite ‘AirDrop Test Fest’ For AppleSeed Members
• iPhone 6 Touch ID Still Vulnerable to Specialized Fake Fingerprint Hack
• Now TV Adds New Entertainment and Sky Movies Passes to Apple TV in UK
• iPhone 6 Plus Bending Limits Tested in New Video
• Apple Opening Retail Store in Hanover, Germany on September 27
• ‘iPod Father’ Tony Fadell Comments on Discontinuation of iPod Classic
• Apple Releases OS X Yosemite Mail Update for Developers and Public Beta Testers
No responses yet