It’s time for another round of software updates: Apple has released a collection of patches for the bash Terminal shell to correct the recently discoveed “Shellshock” security bug. Apple had previously stated that most Mac users don’t need to worry that much about Shellshock “unless users configure advanced UNIX services,” according to a statement provided to iMore. That said, it probably isn’t a bad idea to install the update regardless.
The OS X bash Update 1.0 comes in three flavors—one for OS X Mavericks, one for Mountain Lion, and one for Lion. From the looks of things, Apple hasn’t provided an update for OS X Yosemite betas; presumably, Apple will correct the bug in OS X 10.10 before it ships sometime this fall.
Ars Technica reported late last week that initial bash patches may not have addressed deep-seated Shellshock vulnerabilities in bash, and may still have been vulnerable to certain kinds of attacks. It’s unclear at the moment whether Apple’s update improves upon the initial patches and fills all Shellshock-related holes. [Update: It looks as though Apple’s update might address vulnerabilities the initial patches left open, according to Mac developer Rosyna Keller.]
(And in case you’re wondering, yes, the proper capitalization is “bash” and not “Bash.” Its naming rationale is…complicated…)
