Apple on bash bug: OS X users have nothing to fear

By this point you’ve no doubt heard about the bash vulnerability that has attracted its fair share of attention. The bug, sometimes being referred to as “Shellshock”, is a serious threat to certain systems running Linux, Unix, and OS X. For the average OS X user, however, there is nothing to worry about.

The bug surfaced in recent days, and many have been scrambling to get patches in place that fix the issue. End users have been in the lower-priority slot on the totem pole, but for those using OS X, there’s no need to worry. So says Apple, which recently emailed us this statement:

The vast majority of OS X users are not at risk to recently reported bash vulnerabilities. Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.

Though news about the bash bug has only recently come into the light, those with malicious intent are moving rapidly to exploit the issue. A botnet called wopbot, for example, has already surfaced and is used to actively scan for any systems that are vulnerable.