You may have heard of a new exploit circulating around the Web recently. It’s being referred to as “Shellshock” and apparently takes advantage of a part of UNIX called Bash. You don’t need to worry – at least locally – if you’re a regular OS X user, Apple said in a statement to iMore recently, though some OS X users that are more knowledgeable about Unix configurations may need to make some tweaks.
“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” Apple told iMore recently. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
Shellshock has been compared to Heartbleed, a vulnerability in OpenSSL which also wasn’t a risk for iOS and OS X users. Still, because you use OS X doesn’t mean you’re completely in the clear, as Shellshock is a wider Internet problem that also may affect the sites and services you use online daily.