Can you help me understand what the Bash bug is and what I need to do to protect my Mac computer?
This question was answered on October 1, 2014. Much of the information contained herein may have changed since posting.
There has been much coverage on the recently exposed ‘Bash bug’ (a.k.a. Shellshock) that affects computers running Unix, Linux and Mac OS X because it could allow a remote hacker to take control through simple commands.
Much of the issue has been overhyped, especially when it comes to the average Mac user, but there are some important lessons that you can take from this event.
One of the main reasons there is so much concern is that Bash, a program used to execute command line instructions and scripts, is a utility that’s been around since 1989 in these various operating systems.
This means that millions of Internet connected computers have potentially been exposed to this hole since its release 25 years ago.
While individuals running Apple’s Mac OS X should be aware of the bug, the real concern is with web servers and corporate servers running Linux and Unix.
Exploiting the Bash bug doesn’t just expose sensitive data, it could allow access to the entire system as if the hackers were sitting right in front of the computer.
Those responsible for maintaining and protecting Linux web servers and large corporate Unix servers are the ones that have had the most work to do to protect themselves.
The best way that I can explain the threat to Mac OS X users is that a door within your house has a broken lock, but the only way that a hacker could take advantage of it would be to break into your house first.
According to Apple, unless you use advanced Unix settings on your Mac, you really aren’t at risk. If you have to ask what that means, you aren’t at risk.
Having said that, this should be a small wake-up call to those running the Mac OS when it comes to keeping it updated.
To a certain degree, Apple has done its customers a bit of a disservice with their very popular ads proclaiming that Apple users needn’t worry about viruses and malware.
This is not to say that Apple’s operating system is anywhere near as vulnerable as Windows, but the fact is you should be updating just like a Windows user.
We routinely see Apple computers that haven’t been updated for years, which expose those systems to lots of known exploits that Apple has fixed with their updates.
Apple has posted a Bash bug patch for OS X that can be manually installed from http://support.apple.com/kb/DL1769.
If you’ve been ignoring the update notifications on your Mac’s desktop (usually in the upper right corner), I’d highly recommend that you start installing them as you’re notified.
If you want to make sure you have all the current security patches, you can click on the Apple icon (upper left) and then on ‘Software Update’ to display any updates that are available for your system.
About the author
Ken Colburn of Data Doctors on October 1, 2014