Apple: Your OS X system is (probably) safe from attacks stemming from 'Shellshock' bug

The "Shellshock" bug, which has been recently identified by security experts, does not pose a threat to a majority of OS X users, Apple says. The bug reportedly affects the operating systems of computers, including the OS X of Mac computers.

"The vast majority of OS X users are not at risk," said Bill Evans, a spokesman for Apple.

Red Hat, an open source software company, described Shellshock, also known as CVE-2014-6271, as a possibly "catastrophic" bug that could be more dangerous than Heartbleed.

The vulnerability is in the Bash shell, which is a command prompt software that is used in the Linux open source operating system and other platforms based on Unix.

Bash, which acts as a middleman that is tasked to translate commands that the user inputs for the operating system to work on, is also packaged with the OS X, as the operating system is based on Unix.

According to Red Hat, hackers can use the Shellshock bug to compromise a computer by incorporating malicious code into the system, bypassing the security measures implemented by the computer to execute the hack codes.

Once the hacker has executed the malicious code, confidential information can be accessed, along with control over the computer and several other kinds of hack attacks. Hackers can do this damage remotely.

According to Evans, Mac computers are safe because Apple ships its own computers. Mac computers do not have the vulnerability to attacks because they are not configured for the advanced Unix services that Shellshock exploits, unless the user configures the computer's settings to include these services.

"We are working to quickly provide a software update for our advanced UNIX users," Evans added.

Not affected by the bug are the iOS mobile operating system of Apple, used on devices such as the iPad and iPhone, and the Windows operating system of Microsoft.

Computer security experts, however, are rushing to find out which systems are vulnerable to remote attacks by hackers exploiting Shellshock. However, estimates on how many systems are vulnerable to attack due to the bug have not yet been determined.

Errata Security CEO Robert Graham believes that the Shellshock bug has been around as early as 1977, when Bash precursor Borne was first implemented.

The bug will potentially be affecting even the oldest computer systems, if they are still being used today.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics