Apple soothes users' security Shellshock

Apple has assured users of Mac OS X that they are mostly not at risk from the Shellshock bug, adding that it will soon issue a patch for the flaw.

More than 500 million machines are feared to have been affected by the problem with the Bash command line common to Linux, Unix and Mac, in what some think may be the biggest computer bug of all time.

An Apple spokesman said: "With OS X, systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced Unix services.

"We are working to quickly provide a software update for our advanced UNIX users."

A number of Linux vendors hastily issued patches last week following media coverage of Shellshock, with the enterprise software firm Red Hat forced to release another update following discovery of a further bug.

Security experts have warned the bug will be difficult to patch on many of the systems that are not configured for regular updates and that the effects of the flaw are likely to be drawn out, much like the Heartbleed OpenSSL bug from earlier this year.

"By June this year, there were still 300,000 servers that had not been patched following Heartbleed," said Garve Hays, a software architect at security firm NetIQ. "So it’s reasonable to expect similar vulnerabilities to remain in this case."

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing