Michal Ždanský Apple released a patch this morning dangerous Shellshock vulnerabilities in the bash terminal shell, which hypothetically allowed a would-be attacker to gain complete control over vulnerable systems, both on Linux and OS X. Apple stated a few days ago that most users using the default settings are safe because they are not using advanced unix services. At the same time, he promised a quick release of the patch. In the meantime, he also appeared unofficial way, how to test system vulnerability and fix it.
Today, all users can fix the vulnerability in a simple way, because Apple has released a patch for its latest operating systems: OS X Mavericks, Mountain Lion and Lion. The update can be installed either through the Software Update menu in the top menu (Apple icon) or in the Mac App Store, where the patch will appear among other updates. The latest operating system OS X Yosemite, which is still in beta version, has not yet received a patch, but Apple will probably release it in the upcoming new beta version, and the sharp version, which is scheduled for release in October, will almost certainly have the vulnerability fixed.
interesting, 10.9.5 then does not offer the update
Manually required. http://support.apple.com/kb/DL1769
No, it's not a bug in the unix kernel in the bash processor.
Bash is not part of the kernel and it is not a processor.
Isn't it only dangerous for servers? That is, if the user does not blindly run every nonsense from the email?
Be sure to apply the fixes.
I can't think of a direct exploit in a more common OS X desktop installation (which means nothing)... but it's quite possible that there's a shortcut somewhere where a programmer bashfully made life easier while mesanitizing the env. Sometimes the extremely common use of DHCP is mentioned in this context, but I have not studied whether this is also the case with OS X.
Once again - the last person to apply the frosting is the hack llama.