Shellshock Bash Bug ... Linux, Unix, Ubuntu and MAC

[BustedKnuckles]

Major league bug targets Linux, Unix, Ubuntu and MAC systems...makes the Heartbleed bug look like a microbe:

https://blog.lastpass.com/2014/09/what-you-need-to-know-about-shellshock.html

For the geeks:

https://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

For MAC users:

https://www.cnet.com/news/vast-majority-of-os-x-users-safe-from-bash-shellshock-bug-apple-says/

 

[mikephillips]

The reality is, if it can be accessed externally, by which I mean you don't have to be at the keyboard or screen physically attached to the machine, it is vulnerable to attack if someone or group sees an advantage to it. Some will want to just mess with folks, think interconnected household devices that someone funs funny to switch off or on randomly. Others will want to take what they can find that is worth money, credit onfo, banking and so on. Unfortunately we've created and are expanding a world where anyone with larcency in their brain and a little talent can find or create something to make life difficult for thousands around the world.

 

[Nunyas]

Yeah, I updated all of my Linux boxes and patched my work MacBookPro as soon as I heard about this. Funny thing is, all of my *free* Linux OS systems were fixed with a standard OS update within a day of this exploit "going public". However, Apple still hasn't published an update to patch BASH and SH (and claims "most users are not at risk"). I manually recompiled BASH and SH on my work MBP before our IT department got around to distributing the fix internally. At the same time, my supervisor kept insisting that OSX 10.9.5 "was not vulnerable" until IT came over and proved him wrong.

I have nothing against Apple, but frankly their handling of this vulnerability is disappointing: https://arstechnica.com/security/20...n-shellshock-fix-says-most-users-not-at-risk/
It's Microsoft levels of disappointing from when MS was at their popularity peak.