Securing Your Machines from the "Shellshock" Bug
Dubbed "Shellshock", this vulnerability can allow attackers to inject code through the Bash utility. Because the affected software is common on Unix-based systems, both Mac and Linux users are potentially at risk, not to mention the vast number of servers that run some variant of Linux. The following video explains it quite well, so that even the average person can understand.
On both Mac and Linux systems, you can run
env x='() { :;}; echo vulnerable' bash -c 'echo test'
in the Terminal. If you're affected then you'll get

vulnerable
test

back, while if you are not then you'll get a slightly longer warning message like this:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for 'x'
test
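The command above only tests whichever bash comes first on your PATH. As an added example (not part of the original post), this script runs the same probe against each bash binary it is given and reports which ones are affected; the function names and the list of candidate paths are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit several bash binaries with the probe shown above.
# Function names and the candidate path list are assumptions of this example.

# Classify the stdout of the probe. The caller discards stderr, so a patched
# shell yields just "test"; a vulnerable one prints "vulnerable" first.
classify_probe_output() {
    case "$1" in
        *vulnerable*) echo "vulnerable" ;;
        test)         echo "patched" ;;
        *)            echo "unknown" ;;
    esac
}

# Run the probe against one bash binary and print its status.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo test' 2>/dev/null)
    classify_probe_output "$out"
}

# Check each candidate path; return non-zero if any binary is vulnerable.
audit_bash_binaries() {
    rc=0
    for bin in "$@"; do
        result=$(check_bash "$bin")
        [ "$result" = "missing" ] && continue
        version=$("$bin" --version 2>/dev/null | head -n 1)
        printf '%s\t%s\t%s\n' "$result" "$bin" "$version"
        [ "$result" = "vulnerable" ] && rc=1
    done
    return $rc
}

# Constructed candidate list: system bash plus common secondary install paths.
audit_bash_binaries /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/homebrew/bin/bash
```

A second copy of bash installed outside the system path is not touched by a package-manager upgrade, so any binary reported as vulnerable needs to be updated or removed separately.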
The Bash version can also be verified by entering

bash --version

On OS X, if version 3.2.51(1)-release shows up, then you should take a look at the thread here for instructions on how to update.
On Linux systems it's more straightforward, and you can simply update Bash itself by running

sudo apt-get update && sudo apt-get install --only-upgrade bash

This command applies to distributions that use apt-get, such as Debian and Ubuntu.