Thursday, September 25, 2014

"Bash" bug in Linux-based environments (including Mac) explained; most users probably not affected


Tim Lee of Vox has a detailed discussion of The Bash Bug in Linux-based systems, which include Mac personal computers, "Bash" stands for "Bourne-Again-SHell".  If you go to terminal on your Max (Tim explains how to navigate to it, and I just did it on my own), you'll see if you have Bash (I do, in 10.6.8 -- my test is above).  His main story is here, and there is a "proof of concept" simulation at "trusted security" here.

The main problem is a "recursion" in the shell that, if not properly implemented, hackers can exploit to inject malware or make machines into botnet zombies.

It looks like MacOS versions in MacBooks are probably OK, but security professionals at Apple are burning the midnight oil on this one anyway.  There should be more definitive news in a few days. Right now, there would not be much of a defense, although anti-virus software should be able to detect malicious activity soon.

This can't be good for Apple stock, which already suffered from a "bent wrist" iPhone (enough to please Tiny Tim).

US Cert has a bulletin on the GNU Bourne-Again Shell vulnerability here.

I'm contemplating going too 10.9 (maybe a new machine) and Sibelius 7.5 soon to finish a music project.

The latest, Friday morning, is that Apple says that "Shellshock" isn't a problem for its users, Yahoo! Finance link here,  But it if were, we would wonder if other third party apps, like Avid Sibelius, for music composers, could be affected by an operating system fix and update.

Unix servers can have vulnerabilities, as like when "Site commands" are left open (as with a 2002 incident that affected me).

Update: Sept. 29 

Webroot has a statement on Bash or Shellshock here

No comments: