Sunday, September 28, 2014

Mac fix for Bash Shellshock

NOTE: Apple have released their own patch now, and I highly recommend you use that one. 
It can be found here:

No sooner than the dust settled on the first bash bug, have a few more vectors been found. And so the term "Shellshock" has been coined to refer to the recent spate of vulnerabilities affecting bash.

Unfortunately, MacOS (Mavericks) is not immune to this and the version of bash included with your installation is also vulnerable. I'm confident Apple will patch it soon, but incase you want to get it quickly patched ASAP you can follow the steps below to do so.

NOTE: If you don't have Xcode, you will need it to compile the replacement bash, and its a LARGE download. Be aware of this before proceeding.

Thanks to Loïc for the steps which I've tested and work fine.

Enjoy and adios for now. Keep those hashes cracking!