Apple on Friday attempted to reassure OS X users who felt they were at risk from a widespread security flaw in the UNIX command interpreter bash – which is a part of Apple’s UNIX-based Mac operating system – telling them that most users aren’t at risk, and a patch will be available soon for advanced users who might actually be exposed to the risks of the vulnerability.
“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson said in a statement to iMore. “With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services,” the spokesperson added, before noting that Apple is “working to quickly provide a software update for our advanced UNIX users.”
The bug, which has been dubbed “shellshock,” is believed to be present in every version of bash since its 1989 debut. An attacker could pass specially-designed commands via bash, remotely executing commands that would allow them to modify systems, or grab data.
Most OS X users don’t directly expose their machines to the Internet by running potentially vulnerable services, like an HTTP server on their Macs. However, advanced users, such as developers or systems administrators, would be vulnerable until they recompile bash with an official patch from GNU, or until Apple issues its own update.