Apple releases bash patch to plug 'Shellshock' security flaw in OS X Mavericks, Mountain Lion, Lion

By AppleInsider Staff

As promised, Apple on Monday issued OS X bash Update 1.0 for OS X Mavericks, Mountain Lion and Lion, targeting the recently discovered "Shellshock" security flaw originating in the bash UNIX shell.

Following revelations that Shellshock was in the wild, Apple last Friday said that, while most consumers would go unaffected, it was working to patch the problem. That fix was released today for OS X 10.9 Mavericks, OS X 10.8 Mountain Lion and OS X 10.7 Lion.

This update fixes a security flaw in the bash UNIX shell.

The bug, dubbed "Shellshock" by the computer security community, is theorized to be built in to every version of bash since the system's inception in 1989. A remote attack, nefarious users could potentially issue commands to an affected computer with the intent of gathering information modifying system files and more.

"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services," an Apple spokesperson said last week, adding that the company is "working to quickly provide a software update for our advanced UNIX users."

Mac owners running Mavericks can download the 3.4MB patch through Apple Support website, as can users operating Mountain Lion and Lion. For Mountain Lion, the fix comes in at 34.3MB, while the Lion download clocks in at 3.5MB. Alternatively, the patch is available through Software Update.