I’ve been reading about this newly discovered bug in the Bash Unix shell command line interface called “shellshock” and it apparently puts my Mac OS X system at risk? How do I fix my iMac before it’s hacked?
All modern Mac systems run Mac OS X which is built atop a Unix (well, NetBSD) base which means, yes, it is indeed vulnerable to the exploit identified as the shellshock bug. Basically it means that if somehow someone got some code on your system that you’d then run (perhaps an “installer” for an otherwise benign game or utility) then they could indeed sneak their way onto your system and install other code of a more malicious nature. Not so good.
The fix is complicated but Apple’s just released a system update that makes quick work of it, thankfully.
Basically what has to happen is that you need to update to a newer version of Bash. Before we start, however, let me show you how to test and see what version you’re running. Open up “Terminal” (easiest way is to use Spotlight to search for the app), then type in “bash –version”, like this:
If this is the version you have, version 3.2.51, then you need to update.
Choose “App Store” from the Apple menu on the top left corner of your screen, then click on “Updates” along the top row of icons:
It’s the “Command Line Tools” update that you want to apply.
Curious about it? Click on “More” to get more information…
(shh, I’m also running a pre-release version of Yosemite, the next version of Mac OS X, which is what the second update is about. Mum’s the word though, okay?)
Click on either “Update” to just apply the specific update to your system, or “Update All” to apply all system and app updates. I definitely recommend the latter in just about all cases.
The system will remind you that after the download it’s going to need to restart your system. You’ll get this prompt:
It’s a good time to shut down all your apps, save all your files, etc.
Then click on “Download & Restart”.
Shouldn’t take too long as it’s not particularly large at 1GB combined (the command line tools update is considerably smaller), then it’ll restart your system and apply the updates with a progress window:
Finally, it’ll restart yet again and you should be good to go!
To test, again open up the Terminal app and run “bash –version”. This time it’s different:
Ah, you can see it’s 3.2.53, instead of 3.2.51. Problem solved.
Thanks to Apple for being so fast in responding to this exploit!
Dave, thanks. I have the older bash version but there is no bash update in my update list. is there a way to manually find it?
Dave thanks for this useful information. I have been to the App Store and this update did not appear when I clicked Updates. I am in the UK – I do not know if this makes any difference?Thanks, Mike
Try this link, Mike: http://support.apple.com/kb/DL1769
Thanks Dave. Has anyone seen this update show up on Mavericks? I’m not seeing the update.
Is this update available for Mavericks yet? I checked the App Store, and alas, nothing for these tools even though I have the errant bash, and the latest Mavericks update.
Oops, turns out that the Mavericks update is available on the Apple site but not through the update process yet. For some really weird reason. Download the update here instead: http://support.apple.com/kb/DL1769