[MacTUG] How to patch OS X for the bash/Shellshock vulnerability

Marlon A. Griffith m3griffi at engmail.uwaterloo.ca
Fri Sep 26 09:38:54 EDT 2014


"""
Shellshock attacks could target several points of entry -- Git and Subversion clients, compromised DHCP servers, etc. -- but the most likely vector would be through the wildly popular Apache HTTP server, included on most UNIX or Linux distributions and on OS X. Mac users might breathe a little easier knowing that Apple removed the System Preference control for the Apache web server in the standard Mountain Lion and Mavericks OS X versions. Apache is still there under the hood, however; it's front and center in OS X Server, and you can easily turn it back on with the free Web Sharing control panel.
...

The Vulnerability Summary for CVE-2014-6271 rates Shellshock as a "10," and there is no 11. You can read all about it if you want to learn more (I recommend Troy Hunt: Everything you need to know about the Shellshock Bash bug), but here I'm going to share a way to fix it on your Mac running OS X.

As mentioned, the vulnerability is most concerning for Macs used as web servers on the Internet, but the security-minded average user may want to go ahead and patch anyway. This solution comes from Ask Different, one of my favorite Mac Q&A sites. Alex Blewitt (@alblue) wrote up a great answer to How do I recompile Bash to avoid Shellshock. He also wrote it up on his website, so full credit to him for the solution. (If the notion of recompiling a system utility is alien to you, breathe easy; we're going to go step by step.)

http://www.tuaw.com/2014/09/25/how-to-patch-os-x-for-the-bash-shellshock-vulnerability/
"""

mac os x

