it.ucsf.edu

Security Update: Apple Releases Update to Address the Two Initially Reported Bash Vulnerabilities

Status Type: Security Update

Date and Time: Tuesday, September 30, 2014 - 08:55

Reason: Security Update

Impact: Mac OS X Lion, Mountain Lion, and Mavericks Users

WHAT HAPPENED?

Apple released OS X bash Update 1.0 to address the recently discovered Bash vulnerabilities (also known as Shellshock), CVE-2014-6271 and CVE-2014-7169.

Since the announcement of the CVE-2014-6271 and CVE-2014-7169 vulnerabilities, two additional vulnerabilities have been discovered. At this time, no patches have been released to address them.

Advanced Users:

  1. For a complete description of the security enhancements and affected software, refer to Apple Security Updates at http://support.apple.com/kb/ht1222, where Apple will post the full report.
  2. For a detailed description of the two additional vulnerabilities refer to:



AFFECTED SYSTEMS:

  • Mac OS X Lion
  • Mac OS X Mountain Lion
  • Mac OS X Mavericks



WHAT'S THE PROBLEM?

Bourne Again Shell, or Bash, is a command-line shell processor widely present in Unix and Linux systems, including Mac OS X. According to Apple, most users are not affected by this bug unless they have modified the default Unix settings or have enabled the 'Sharing' services (System Preferences -> Sharing -> Remote Login). If exploited, this vulnerability could allow an attacker to take control of your computer.

This is a uniquely fluid situation. As a reminder, for out-of-band security updates the prerequisites should be reviewed closely, as these are not updates from the “Software Update” app. IT Field Services is testing these updates and will push them to centrally managed customers as soon as they are able.


HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support or they do not support your computer, OS X bash Update 1.0 may be obtained from the following webpages:

 

To check that bash has been updated:

a. Open Terminal
b. Execute this command:
    bash --version
c. The version after applying this update will be:

  • OS X Mavericks: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
  • OS X Mountain Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
  • OS X Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
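
For anyone checking more than one machine, the version check above can be scripted. The following is an added example, not part of the original advisory or of Apple's update; the function name check_bash_banner, the sample banners, and the rule that any 3.2 patch level of 53 or higher counts as updated are assumptions.

```shell
#!/bin/sh
# Added example: classify the first line of `bash --version` against the
# post-update version listed in this advisory (3.2.53(1)-release).
# Assumption: a 3.2 patch level of 53 or higher counts as updated.
FIXED_PATCH=53

# check_bash_banner "<banner>"  ->  prints patched | outdated | unknown
check_bash_banner() {
    banner=$1
    # Extract "3.2.53" from "GNU bash, version 3.2.53(1)-release (...)"
    ver=$(printf '%s\n' "$banner" |
        sed -n 's/^GNU bash, version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)(.*$/\1/p')
    if [ -z "$ver" ]; then
        echo unknown            # not a bash banner at all
        return
    fi
    # Only the three OS X releases named in the advisory are in scope.
    case $banner in
        *apple-darwin11*|*apple-darwin12*|*apple-darwin13*) ;;
        *) echo unknown; return ;;
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    # The advisory only gives a baseline for Apple's system bash (3.2.x).
    # A separately installed bash of another series is reported as unknown
    # rather than guessed at.
    if [ "$major" != 3 ] || [ "$minor" != 2 ]; then
        echo unknown
    elif [ "$patch" -ge "$FIXED_PATCH" ]; then
        echo patched
    else
        echo outdated
    fi
}

# Constructed sample banners (not captured from real machines).
while IFS= read -r line; do
    printf '%-9s %s\n' "$(check_bash_banner "$line")" "$line"
done <<'EOF'
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin12)
GNU bash, version 4.3.25(1)-release (x86_64-apple-darwin13.4.0)
EOF

# On a real machine: check_bash_banner "$(bash --version | head -n 1)"
```

A result of "unknown" means the banner is outside what this advisory covers and needs a manual look, not that the machine is safe.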


