How to Protect Mac From ShellShock CVE-2014-7169 & CVE-2014-6271 [ Updated ]

How to protect mac from Shell Shock CVE-2014-7169 CVE-2014-6271 , Well you have to download and build bash using xcodebuild while apple is working ( I don’t why they are taking so long to release fix ) . well for a meantime alblue suggested a guide in this stackexange question .

what is ShellShock

According to wikipedia :

Stéphane Chazelas discovered the bug on 12 September 2014[1] and suggested the name “bashdoor”. The bug was assigned the CVE identifier CVE-2014-6271 and kept under embargo until 24 September 2014 14:00 UTC, in order to ensure that security updates were available for most systems as soon as the details were made public. Within days, a series of further related vulnerabilities in Bash were found leading to the need for further patches. Currently, there is an unofficial patch available from the oss-sec list[6] which purports to fix all known issues.

It a flaw in BASH which allow an attacker to execute malicious code using environment variables manipulation .

Test Your System

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable system will output

vulnerable
this is a test

Shell Shock

I wrapped that into bash script to automate things you have to just download and make that script executable and run that to patch your bash .

wget https://gist.github.com/alokyadav15/bdb26a5805c7b89dc74e/raw/4823e7f7f7da76eb585723919b3adb91b3e800ab/patch_bash.sh
chmod +x patch_bash.sh
./patch_bash.sh

Stack Exange Question : https://apple.stackexchange.com/questions/146849/

Now Official Patch is available from apple

Go to Apple Site
I will update this post accordingly , please share and leave your comments .

Tagged With : -
Add Comment