
Security flaw in the bash Unix Shell

Hello all Mac and Linux users (Windows users, please carry on reading articles about Windows 10),

There has been a security flaw discovered in bash.

"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users." - Apple Spokesperson

http://www.macrumors.com/2014/09/29/apple-os-x-mavericks-bash-update/

To check whether you are vulnerable, open Terminal and run the following command:

bash --version

If version 3.2.51(1) is returned, you will want to update because your system is vulnerable.

Link to download fix: http://support.apple.com/kb/DL1769?viewlocale=en_US&locale=en_US

Take Care, Calvin

+1

Thanks for posting this! Need to update!

1 Answer

The biggest thing that's annoyed me is that 90% of all OS X users on the planet aren't in any direct trouble because of this flaw; the reasoning behind that is that, by default, OS X comes with RDC and remote authentication features disabled, along with shell access being restricted to the local user.

Even if you see "vulnerable" in your terminal window, it doesn't mean you need to worry about an imminent attack, as someone first needs to know you have a Mac, they need your IP, and you also have to have remote logins enabled.

In my opinion this situation was handled very poorly, as everyone has rushed to judgement without explaining the simple steps to ensure you're protected just by checking a couple of options.

The sky is falling.

Examples of exploitable systems include the following:

  • Apache HTTP servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch Bash subshells
  • Certain DHCP clients
  • OpenSSH servers that use the ForceCommand capability
  • Various network-exposed services that use Bash
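An added example, not code from Calvin's post or the answer above: a small POSIX shell script that performs both local checks this thread refers to, parsing the bash --version banner from the post and running the harmless self-test whose output is the word "vulnerable" the answer mentions. The function names and the sample banners are my own.

```shell
#!/bin/sh
# Added example, not code from the Treehouse post. Two local, read-only checks
# for the bash flaw discussed above; the function names are my own.

# Pull "major.minor.patch" out of a `bash --version` banner passed as text,
# e.g. "GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)" -> 3.2.51
bash_version_from_banner() {
  printf '%s\n' "$1" | sed -n 's/^GNU bash, version \([0-9][0-9.]*\)(.*$/\1/p' | head -n 1
}

# The post's rule of thumb: the stock OS X bash 3.2.51(1) means "update".
# A version string is only a hint (vendors backport fixes without bumping the
# number), so always pair it with the functional self-test below.
banner_is_known_vulnerable() {
  case "$(bash_version_from_banner "$1")" in
    3.2.51) return 0 ;;
    *)      return 1 ;;
  esac
}

# Functional self-test against the bash binary named in $1. It exports a
# variable whose value looks like a function definition with a trailing
# command; an unpatched bash runs that trailing command on startup and prints
# "vulnerable", a patched one ignores it. Returns 0 if vulnerable, 1 if not.
# Nothing here touches the network or changes the system.
shellshock_self_test() {
  out=$(env x='() { :;}; echo vulnerable' "$1" -c ':' 2>/dev/null)
  case "$out" in
    *vulnerable*) return 0 ;;
    *)            return 1 ;;
  esac
}

# Report on the bash found in PATH, if any (harmless to run on any system).
if command -v bash >/dev/null 2>&1; then
  banner=$(bash --version 2>/dev/null | head -n 1)
  echo "banner:    $banner"
  if banner_is_known_vulnerable "$banner"; then
    echo "version:   matches the 3.2.51(1) build the post warns about"
  fi
  if shellshock_self_test bash; then
    echo "self-test: VULNERABLE, update bash"
  else
    echo "self-test: patched"
  fi
fi
```

Run it with sh on the machine you want to check; a system that is still on the affected build reports both the version match and a failed self-test, while an updated one reports "patched".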