How to Protect Mac From ShellShock CVE-2014-7169 & CVE-2014-6271 [ Updated ]

How to protect mac from Shell Shock CVE-2014-7169 CVE-2014-6271 , Well you have to download and build bash using xcodebuild while apple is working ( I don’t why they are taking so long to release fix ) . well for a meantime alblue suggested a guide in this stackexange question .

what is ShellShock

According to wikipedia :

Stéphane Chazelas discovered the bug on 12 September 2014[1] and suggested the name “bashdoor”. The bug was assigned the CVE identifier CVE-2014-6271 and kept under embargo until 24 September 2014 14:00 UTC, in order to ensure that security updates were available for most systems as soon as the details were made public. Within days, a series of further related vulnerabilities in Bash were found leading to the need for further patches. Currently, there is an unofficial patch available from the oss-sec list[6] which purports to fix all known issues.

It a flaw in BASH which allow an attacker to execute malicious code using environment variables manipulation .

Test Your System

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable system will output

this is a test

Shell Shock

I wrapped that into bash script to automate things you have to just download and make that script executable and run that to patch your bash .

chmod +x

Stack Exange Question :

Now Official Patch is available from apple

Go to Apple Site
I will update this post accordingly , please share and leave your comments .

Tagged With : -