Free Republic

Two scenarios that would make OS X vulnerable to the Shellshock bug
PC World | Sept 28, 2014 | Jeremy Kirk

Posted on 09/28/2014 8:02:59 PM PDT by dayglored

Apple’s OS X is vulnerable to the Shellshock bug, but it’s not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system.

Shellshock is the nickname for a flaw in the Bourne Again Shell, or Bash, which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer.

Apple, which plans to patch the flaw, said most users are fine unless they’ve tweaked advanced Unix settings. By adjusting those settings, Bash could be exposed to attackers, wrote Derek Erwin of Intego in a blog post. Intego has already seen proof-of-concept exploits for OS X, he wrote.

...

(Excerpt) Read more at pcworld.com ...


TOPICS: Business/Economy; Culture/Society; News/Current Events; Technical
KEYWORDS: apple; bash; macintosh; osx; shellshock
To: freedumb2003
> >>However, in the common parlance, all sorts of things are called “viruses”.<<
>
> Well, I used to teach debate and if you own the terms, you own the round. So we should accept your definition because...?

It's not MY definition. The proper definitions of the terms "virus", "worm", "trojan horse", "phishing", "keylogger", and so on, have been agreed upon by the true experts in the malware field for over a decade, and you can look them up if you care to. I didn't write them.

The catch-all term "malware" covers all of the above. However, in the popular tech press, "virus" is a hot term -- gets more page hits -- so it gets used a little loosely to cover many types of malware. Your referring to a Shell bug as a "virus" was so off-base it doesn't even rise to the level of being "wrong". It's in another universe, really. At first I thought you were being doubly-ironic, sort of self-satirical. But on second reading, that interpretation didn't hold.

Given your seemingly knowledgeable comments over the years on FR tech threads I assumed you were experienced, and hence would be aware of the proper terminology. If that's not true, I apologize, and will be happy to consider you just another computer user, rather than one who is familiar with the accepted technical terminology (as opposed to the tech-whore usage common in the tech press). Your call; no harm, no foul. :)

21 posted on 09/28/2014 9:07:17 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 19 | View Replies]

To: freedumb2003
> Well, I used to teach debate and if you own the terms, you own the round.
>
> So we should accept your definition because...?

You lose.

No way is this bug a virus. Bugs are not viruses. A virus is a higher-level concept than a mere bug. It's possible to construct a virus on top of a bug, but a bug alone does not a virus make!

As to Mac OS, it's highly unlikely this bug will be the basis of a virus. That's because the population of vulnerable Macs is simply too small, due to the way Macs are typically used (as personal computers, not as servers). So, the payoff for the virus writer isn't there.

As far as Linux/Unix, the situation is much dicier. Any unpatched CGI server is vulnerable. This will attract exploits. And exploits can indeed take the form of viruses!

This means those Google engineers will hunch over their Macs and spray those patches out to their zillions of Linux servers.

22 posted on 09/28/2014 10:01:18 PM PDT by cynwoody
[ Post Reply | Private Reply | To 19 | View Replies]

To: dayglored
I'm no Apple fanboy but this bug of course has nothing to do with Apple. Bash was around long before Steve Jobs even returned to Apple - it's an outstanding interactive shell and a very good scripting shell and it freed me from the clutches of csh, for which I'll forever be grateful. Strictly speaking, this isn't even a bash bug - it's on the guys who wrote Apache's CGI script handling or any other software that takes remote, un-trusted input and simply passes it to the system shell for execution.

The GNU Bash maintainer has already issued patches for the issue - if OS X server admins want they can download the patched source and build a patched version of bash.

23 posted on 09/28/2014 11:58:40 PM PDT by AnotherUnixGeek
[ Post Reply | Private Reply | To 1 | View Replies]
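
Post 23 describes software that passes untrusted request input to the system shell. The sketch below is an added example, not code from the thread or from Apache: a CGI-style launcher that maps headers to `HTTP_*` variables, withholds values shaped like a Bash function export (the `() {` prefix that affected Bash builds parsed at start-up), and runs the handler without a shell. The header values, handler command and function names are constructed for illustration.

```python
import re
import subprocess
import sys

# Bash builds affected by Shellshock treated an environment value that starts
# with "() {" as an exported function and parsed it at shell start-up.
FUNC_EXPORT = re.compile(r"^\s*\(\)\s*\{")

def build_cgi_env(headers):
    """Map request headers to CGI HTTP_* variables (RFC 3875 naming).

    Returns (env, rejected): values shaped like a function export are left
    out of env and reported in rejected so they can be logged.
    """
    env = {"PATH": "/usr/bin:/bin", "GATEWAY_INTERFACE": "CGI/1.1"}
    rejected = []
    for name, value in headers.items():
        var = "HTTP_" + name.upper().replace("-", "_")
        if FUNC_EXPORT.match(value):
            rejected.append(var)
        else:
            env[var] = value
    return env, rejected

def run_handler(argv, env):
    """Run the handler from an argv list with only the filtered environment.

    No shell=True and no inherited os.environ, so no shell parses request
    data on the way to the handler.
    """
    done = subprocess.run(argv, env=env, capture_output=True, text=True, check=True)
    return done.stdout.strip()

# Constructed sample request headers (not taken from the thread).
SAMPLE_HEADERS = {
    "Host": "intranet.example",
    "Accept": "text/html",
    "User-Agent": "() { :; }; <trailing text elided>",
}

# Hypothetical handler: a child Python process listing the HTTP_* variables it received.
LIST_VARS = [sys.executable, "-c",
             "import os; print(','.join(sorted(k for k in os.environ if k.startswith('HTTP_'))))"]

if __name__ == "__main__":
    env, rejected = build_cgi_env(SAMPLE_HEADERS)
    print("rejected:", rejected)
    print("handler saw:", run_handler(LIST_VARS, env))
```

Filtering at the gateway complements the patched bash packages mentioned in the thread; a handler that is itself a bash script still needs the fix.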

To: dayglored; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; ..
This PING is about the UNIX Bash vulnerability. 99% of Apple Mac users have nothing to worry about because you haven't tweaked your UNIX settings to activate Bash. . . and of those that have, 90% of them will know how to download and install the Bash 4.3.5 version that is not susceptible to this vulnerability using the UNIX Terminal. BUT, because the typical FUD writers will try to scare ordinary Mac users, I will institute a — PING!


Apple TOTALLY UNNECESSARY UNIX BASH VULNERABILITY Ping!

If you want on or off the Mac Ping List, Freepmail me.

24 posted on 09/29/2014 12:58:45 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dayglored
> Apple says they’re going to release a patch for Bash real soon, do you have any info on when that’s likely to appear?

My guess would be Tuesday or Wednesday. Apple has to give developers time to test the Bash 4.3.5 version on any software that requires its use to make sure it doesn't break something mission critical in a UNIX application, say in a medical surgical suite, before pushing it out in a security update. Apple doesn't have the luxury of just tossing it out in the wild without checking. . . especially after the iOS 8.0.1 fiasco.

25 posted on 09/29/2014 1:04:09 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 3 | View Replies]

To: freedumb2003
> The heck you say!! An Apple OS subject to a VIRUS??

No, not a virus, but a potential opening for a TROJAN. . . or a doorway for a hacker to walk through.

26 posted on 09/29/2014 1:06:15 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 6 | View Replies]

To: freedumb2003; dayglored
> So we should accept your definition because...?

How about because this is a technical issue, and a "computer virus" is a technical term with a well defined, well understood technical meaning that you obfuscated. . . thereby making the discussion far less understandable. Your usage of the word "virus" failed to communicate any accurate information. Readers were left with less information for having read what you wrote.

27 posted on 09/29/2014 1:16:19 AM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 19 | View Replies]

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Ernest_at_the_Beach; ...

28 posted on 09/29/2014 3:59:42 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

“. . . especially after the iOS 8.0.1 fiasco.”

Guess I missed it. What was the iOS 8.0.1 fiasco?


29 posted on 09/29/2014 5:51:09 AM PDT by Not gonna take it anymore (If Obama were twice as smart as he is, he would be a wit)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dayglored
This Shellshock Bash bug is real, but it's not the end of the world, and certainly not the huge mess it's being made out to be, with regard to Macintosh machines. Apple will produce a patch in a few days that will take care of it, and that will be that.

It's actually a much bigger problem for Linux and Unix servers, and as a system admin I've got a LOT of those to patch.... ugh.

It's a real bug, but of much more concern only to those who run webservers. If your linux box is just a workstation, and you don't run a webserver, it's not really an issue, but you should update bash regardless. Fortunately it's an easy fix... "yum update bash" or something similar. If you have automatic updates turned on, you don't even have to do that.

No reboot required, though I'd probably HUP my webserver if I had one just for the hell of it.

I run a webserver locally for my own purposes, but since it's not exposed to the internet it was never an issue.

30 posted on 09/29/2014 7:24:26 AM PDT by zeugma (The act of observing disturbs the observed.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: AnotherUnixGeek
> Strictly speaking, this isn't even a bash bug - it's on the guys who wrote Apache's CGI script handling or any other software that takes remote, un-trusted input and simply passes it to the system shell for execution.

Agreed. I'm hoping the Apache Foundation and others are taking a serious look at this.

31 posted on 09/29/2014 7:32:09 AM PDT by zeugma (The act of observing disturbs the observed.)
[ Post Reply | Private Reply | To 23 | View Replies]

To: dayglored

You’re welcome. I’m not one of those who blithely believe that my OS X is immune from everything forever, but as I am utterly ignorant of computer stuff, the best I can do is read what those more knowledgeable than myself say, and follow the advice of those who sound the most reasonable. I already do the basics - keep up with patches and updates, don’t go to “iffy” sites, never click obscure links or links from emails etc. My browsing is in a pretty narrow window, I mostly go to the same sites I’ve gone to for years. There’s more of course, but I remember as I need to do or not do it :)


32 posted on 09/29/2014 10:00:07 AM PDT by mrsmel (One Who Can See)
[ Post Reply | Private Reply | To 13 | View Replies]

To: Swordmaker

Yes, I thank goodness I just happened to see information about the mess with that before I downloaded and tried to install it!


33 posted on 09/29/2014 10:04:11 AM PDT by mrsmel (One Who Can See)
[ Post Reply | Private Reply | To 25 | View Replies]

To: dayglored

What! OS X with a security vulnerability? Unheard of /sarcasm.


34 posted on 09/29/2014 10:12:20 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Thanks for the reassurance, SM.


35 posted on 09/29/2014 11:57:09 AM PDT by conservatism_IS_compassion ("Liberalism” is a conspiracy against the public by wire-service journalism.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Not gonna take it anymore
> “. . . especially after the iOS 8.0.1 fiasco.” Guess I missed it. What was the iOS 8.0.1 fiasco?

You missed it? Don't worry. So did most people. Apple released an update to patch a few minor problems for iOS 8. Unfortunately, the update was a disaster. Those who installed it on iPhone 6 models suddenly found themselves unable to connect to the cellular network or WIFI and the Battery was draining rapidly. Most other devices were OK. OOPS! Apple pulled iOS 8.0.1 after it was available for only one hour and 14 minutes.

About 800,000 users applied iOS 8.0.1 before it was pulled and those with iPhone 6 and 6 Plus had to connect to a computer and restore their iPhones to iOS 8.0. A few people were in the middle of downloading and installing when it was abruptly pulled and also had to restore.

Two days later, Apple released iOS 8.0.2 which was fine. . . No problems so far.

36 posted on 09/29/2014 8:14:42 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 29 | View Replies]

To: for-q-clinton; freedumb2003
> What! OS X with a security vulnerability? Unheard of /sarcasm.

No, no, for-q, that was freedumb2003's line up in comment #6. Do you guys play for the same team, dress alike, and follow each other around, too?

In any event, you're way late -- Apple has already released the patch. Please try to be more punctual in the future.

Thanks for playing -- Cheers! :)

37 posted on 09/29/2014 8:16:52 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: Swordmaker
Hey Swordmaker,

Apple released the Bash patch, and it's the correct (i.e. final) one, clean with no warnings/errors.

http://arstechnica.com/apple/2014/09/apple-patches-shellshock-bash-bug-in-os-x-10-9-10-8-and-10-7/

These are the individual pages on Apple's support site:

http://support.apple.com/kb/DL1767 – OS X Lion
http://support.apple.com/kb/DL1768 – OS X Mountain Lion
http://support.apple.com/kb/DL1769 – OS X Mavericks

Takes about a minute to find and download, and about a minute to install and check.

I just updated my Mavericks 10.9.5 system, works fine.

38 posted on 09/29/2014 8:22:55 PM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: dayglored

Nice try.


39 posted on 09/29/2014 8:23:51 PM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 37 | View Replies]

To: freedumb2003

Only insofar as you deliberately take steps that plainly open it up to malware.
As another said: those who know how to open this vulnerability aren’t stupid enough to do it, and those who know how to exploit it know it’s not worth the effort because of the aforementioned.
Apple will, nonetheless, patch the possible flaw.


40 posted on 09/29/2014 8:34:50 PM PDT by ctdonath2 (You know what, just do it.)
[ Post Reply | Private Reply | To 6 | View Replies]

