UPDATE: Bash Vulnerability AKA SHELLSHOCK
The ‘Shellshock’ Bash vulnerability and what it means for OS X
Apple: Most OS X users safe from ‘Shellshock’ exploit, patch coming quickly for advanced Unix users — which, of course, is a blatant falsehood… all macs are as much at risk as -x was, and -x had a patch yesterday… this is why i am no longer a mac-head… π
Apple working on “Shellshock” fix, says most users not at risk [Updated] — which includes the following information:
Mac OS X uses version 3.2.51.(1) of GNU bash, released in 2007; the current GNU release of the shell is bash 4.3. However, the current version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms, even dropping the open-source Windows networking service Samba from OS X server in 2011 because Samba had shifted to a GPLv3 license. Therefore, although patches for the vulnerability have now been pushed out for most open-source operating systems, Apple executives may feel they have to have their own developers make modifications to the bash code.
this is the explanation why i haven’t been able to get SAMBA to work on my mac… grumble, mutter… π
Still more vulnerabilities in bash? Shellshock becomes whack-a-mole