Computersnyou

How to Protect Mac From ShellShock CVE-2014-7169 & CVE-2014-6271 [ Updated ]

Posted on  9/28/2014

How to protect mac from Shell Shock CVE-2014-7169 CVE-2014-6271 , Well you have to download and build bash using xcodebuild while apple is working ( I don’t why they are taking so long to release fix ) . well for a meantime alblue suggested a guide in this stackexange question .

what is ShellShock

According to wikipedia :

Stéphane Chazelas discovered the bug on 12 September 2014[1] and suggested the name “bashdoor”. The bug was assigned the CVE identifier CVE-2014-6271 and kept under embargo until 24 September 2014 14:00 UTC, in order to ensure that security updates were available for most systems as soon as the details were made public. Within days, a series of further related vulnerabilities in Bash were found leading to the need for further patches. Currently, there is an unofficial patch available from the oss-sec list[6] which purports to fix all known issues.

It a flaw in BASH which allow an attacker to execute malicious code using environment variables manipulation .

Test Your System

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable system will output

vulnerable
this is a test
Shell Shock
Shell Shock

I wrapped that into bash script to automate things you have to just download and make that script executable and run that to patch your bash .

wget https://gist.github.com/alokyadav15/bdb26a5805c7b89dc74e/raw/4823e7f7f7da76eb585723919b3adb91b3e800ab/patch_bash.sh
chmod +x patch_bash.sh
./patch_bash.sh

Stack Exange Question : https://apple.stackexchange.com/questions/146849/

Now Official Patch is available from apple

Go to Apple Site{.btn.btn-primary.btn-large}
I will update this post accordingly , please share and leave your comments .


  • Home
  • Home
  • Home
About
lorem lasda asda adasd adsad lorem lasda asda adasd adsad lorem lasda asda adasd adsad lorem lasda asda adasd adsad lorem lasda asda adasd adsad lorem lasda asda adasd adsad