Links

SHELLSHOCK UPDATE

Shellshock: ‘Larger scale attack’ on its way, warn securo-bods

Apple FINALLY patches the ‘don’t worry’ Bash Shellshock vuln

Apple Releases Patches for Shellshock Bug


Every Mac Is Vulnerable to the Shellshock Bash Exploit: Here’s How to Patch OS X
— i upgraded from v.3.2.51(1) to v.3.2.53(1) according to their directions for pre-mavericks computers, and, according to the test i posted last week the system is no longer “vulnerable”, but, because of the fact that it doesn’t actually give a response other than “this is a test”, i can’t tell for sure whether or not they’ve actually patched shellshock, or whether they have just turned off the error message… it would be really nice if i could just upgrade to the current GNU release, which is v.4.3… this is why i am no longer a mac-head… 😐

Apple patches "Shellshock" Bash bug in OS X 10.9, 10.8, and 10.7

SHELLSHOCK UPDATE

Firms BASH Bash bug with new round of Shellshock patches

Cisco splats Bash bug in busy swatting season

i’ve run three rounds of security updates in the past three days, and bash was updated in every one of ’em… eventually they’re gonna fix it for real… maybe i’ll just revert to using csh… or zsh (which was written by paul falstad, my former manager and coworker at openwave) 😐

SHELLSHOCK UPDATE

UPDATE: Bash Vulnerability AKA SHELLSHOCK

The ‘Shellshock’ Bash vulnerability and what it means for OS X

Apple: Most OS X users safe from ‘Shellshock’ exploit, patch coming quickly for advanced Unix users — which, of course, is a blatant falsehood… all macs are as much at risk as -x was, and -x had a patch yesterday… this is why i am no longer a mac-head… 😐

Apple working on “Shellshock” fix, says most users not at risk [Updated] — which includes the following information:

Mac OS X uses version 3.2.51.(1) of GNU bash, released in 2007; the current GNU release of the shell is bash 4.3. However, the current version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms, even dropping the open-source Windows networking service Samba from OS X server in 2011 because Samba had shifted to a GPLv3 license. Therefore, although patches for the vulnerability have now been pushed out for most open-source operating systems, Apple executives may feel they have to have their own developers make modifications to the bash code.

this is the explanation why i haven’t been able to get SAMBA to work on my mac… grumble, mutter… 😐

Still more vulnerabilities in bash? Shellshock becomes whack-a-mole