Science and Tech


Apple Releases 'Shellshock' Fix Despite Few Affected Users

Apple released a security fix for the "Shellshock" vulnerability Monday, though it says only "advanced UNIX users" of OS X need it.
Posted at 10:42 PM, Sep 29, 2014

You've likely heard about "Shellshock," a security flaw in the software that makes up many web-connected devices, like smart thermostats, security cameras, lights and more. The flaw allows a user to take control of a computer or system remotely. 

It affects devices running on Linux and Unix operating systems, including Apple's OS X. OS X is the operating system used on the company's MacBook laptops and iMac, Mac Pro and Mac Mini desktop computers. (Video via Apple)

Not long after the "Shellshock" security flaw was exposed, Apple provided a statement to tech-blog iMore explaining most OS X users aren't vulnerable. 

"The vast majority of OS X users are not at risk. ... With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."

That update is now available via a download posted on Monday night. At time of writing, the update was not available through Apple's App Store. 

While Apple insists the flaw won't affect the typical user, it's probably a good idea to install the fix anyway. 

We've seen quite a few headlines suggesting the "Shellshock" bug is worse than the infamous Heartbleed bug. That's because alleviating security concerns requires more than just changing your password; it takes an update like Apple's to fix the flaw.