Posted on 09/28/2014 8:02:59 PM PDT by dayglored
Apple’s OS X is vulnerable to the Shellshock bug, but it’s not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system.
Shellshock is the nickname for a flaw in the Bourne Again Shell, or Bash, which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer.
Apple, which plans to patch the flaw, said most users are fine unless they’ve tweaked advanced Unix settings. By adjusting those settings, Bash could be exposed to attackers, wrote Derek Erwin of Intego in a blog post. Intego has already seen proof-of-concept exploits for OS X, he wrote.
...
(Excerpt) Read more at pcworld.com ...
Case 1 is turning on remote shell logins for all users including "guests", and making it exposed to the internet. No one in their right mind does this: novice users wouldn't know how to do it, and advanced users who would know how, wouldn't do it because it's stupid.
Case 2 is running an Apache webserver open to the internet and configuring it to run Bash scripts, which is unwise practice in the first place, and easy to avoid in the second place now that we know there's a problem.
Anyway, it's no big deal to take care of, but it is theoretically possible that a few Mac users might not realize it, so here's a post for y'all. Can't say you weren't warned.
Heads up. The tech writers are having fun with this, it gets them more page views than anything else in creation.
Apple says they’re going to release a patch for Bash real soon, do you have any info on when that’s likely to appear?
All those patches, virus definition updates and system crashes seem like distant memories. I vaguely remember all those "Dummies" books that used to cram my bookshelf, that showed me how to do Registry updates, scan and defrag hard drives, recover corrupted system files, etc., etc.
I don't need any of those anymore.
I’m glad there are people like you around, who understand this stuff, to help people like me, who don’t, know when it’s time to freak out and when it’s not time to :)
The heck you say!! An Apple OS subject to a VIRUS??
*swoon*
Both of those cases are extreme, but...the gamut of people doing IT types of things runs from ES to ES (Extremely Smart to Extremely Stupid) so one can never tell.
But I think both of these are pretty remote scenarios.
Also I have another post on the way about Windows 9, will ping on that too. Thanks!
switched to ubuntu...don’t think I will ever go back to windows..
Don’t talk like an idiot. Bash’s bug isn’t a virus and you know it. :)
> Don’t talk like an idiot. Bash’s bug isn’t a virus and you know it. :)
Let me rephrase that... You know full well it's not. So why, other than to confuse other FReepers, do you even mention viruses, pro or con? Just making trouble?
>>Let me rephrase that... You know full well it’s not. So why, other than to confuse other FReepers, do you even mention viruses, pro or con? Just making trouble?<<
LOL
When you got the Religion, heretics are never welcome.
Thanks for the appreciation. There are folks in the tech press and even some FReepers, who love to exaggerate the significance and potential hazard of various flaws in Windows, Mac OS X, Linux, Unix, etc. These days, there are darn few that merit freaking out over. But the folks who love attention are desperate for it and will make any molehill into a mountain for self-aggrandizement.
This Shellshock Bash bug is real, but it's not the end of the world, and certainly not the huge mess it's being made out to be, with regard to Macintosh machines. Apple will produce a patch in a few days that will take care of it, and that will be that.
It's actually a much bigger problem for Linux and Unix servers, and as a system admin I've got a LOT of those to patch.... ugh.
What "religion"? Certainly not me, read up if you wish.
You're welcome to be a heretic. But sounding like a fool isn't heretical, it's just dumb. Of course, you're welcome to do so, but please try not to do so in a thread intended to discuss reality. The reality is that there's a ubiquitous bug out there, that Macs are affected, that Apple's gonna patch it (a lot quicker than we Linux/Unix system admins are gonna be able to have all our servers patched, probably), and for the vast majority of Mac users, the bug is not only NOT going to cause them any problem, they'll never even need to know what it's all about in the first place. That's reality.
Your calling it a "virus" is your misbegotten fantasy. Agreed?
Well, with respect, it is kind of a mess, if only because certain Apple users are a little naive with regard to security. I’ll be spending next week with certain users (and I could name them right now) cleaning the whole thing up. The ones I’m worried about are the ones who simply refuse to believe there could be a problem, and won’t take even the most rudimentary measures to prevent it. That’s the real problem with this whole OS holy war thing: it blinds the participants to the cold, deadly fact that no OS is perfect and that they all need vigilance.
>>Your calling it a “virus” is your misbegotten fantasy. Agreed?<<
I was making fun of the myth that many Apple think that they are immune from viruses.
If this one is or isn’t — meh.
You are SO right.
That's the downside to any sort of blind adherence to belief, in the face of reality. Any user, whether Mac or Linux, or Windows, who thinks their system, or they themselves, are immune to problems, is just whistling past the graveyard. It's my opinion that these days, a properly patched system, of any flavor, is pretty damn tight and safe. Windows has come a long way, and OS X has always been relatively solid.
"They all need vigilance." AMEN!
Terminology.
A true "virus" has never been successfully released into the wild for OS X and spread. That's a fact. "Virus" has a precise definition, having to do with what it does and how it does it. You're welcome to not care, but be aware that "virus" is only one type of malware.
There is plenty of other malware that applies to Mac OS X. Virtually all of it actually attacks the USER not the OPERATING SYSTEM. Users are not immune to doing dumb things.
However, in the common parlance, all sorts of things are called "viruses". Wrongly. You don't call an 18-wheeler a "car". You don't call baseball "football".
Or I dunno, maybe you do. Meh.
>>However, in the common parlance, all sorts of things are called “viruses”.<<
Well, I used to teach debate and if you own the terms, you own the round.
So we should accept your definition because...?
I use Apple, Microsoft, and open source (e.g. Linux) products interchangeably every day at work and home, and to be honest, they're all pretty solid these days.
I disliked having to deal with the older Windows versions (XP and prior) because they were not fundamentally solid and secure -- security had been bolted on as an afterthought. On my home systems I switched from Windows to Linux around 2001, back to Windows in 2003, then to Macintosh in 2005, and have stayed with Macs since then -- but I have both Windows (7) and Linux running alongside OS X in virtual machines for those programs that require Windows.
Done properly, Windows 7 can be made very secure and it stays pretty fast even with anti-virus installed. I've got it running in another window on my Mac Mini even now...
However, if you're happy as a Mac user I wouldn't suggest you switch -- after all, I'm writing this on OS X. :)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.