Geert's Place

After Heartbleed, there is another serious bug around which is affecting Mac and linux systems. More specifically : it is a bug present in bash. This bug can be exploited and it can give an attacker the possibility to run arbitrary commands on your system. In other words: this is extremely dangerous. An overview of the attack vectors can be found on this site.

There are 2 tests you can perform yourself, to check whether your system is vulnerable to the 2 attack vectors :
In a terminal window, type the following command, followed by enter

env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

The result should be :

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

If you get the following output, your system is vulnerable :

vulnerable
this is a test

Also check your system for the second vulnerability :

env X='(){(a)=>\’ bash -c “echo date”; cat echo; rm -f echo

You should see this :

date
cat: echo: No such file or directory

In case you get the following output, your system is again vulnerable to the exploit :

date
[The Current Date and Time]

So what you need to do in case your system returned one or both of the bad outputs

Apple already said they are working on a patch, and that “the vast majority of Apple computers are not vulnerable”. However, I can only highly recommend patching this bug yourself – it doesn’t take long and it’s not complicated.

The only prerequisite is Xcode – Apple’s development platform. You can download it for free from the App Store.

Next, perform the following steps from within a Terminal window :

It will spawn a lot of text while it’s compiling, and it should come up with “BUILD SUCCEEDED” when it’s done.
The second patch will be addressed like so :

Again, you’ll see “BUILD SUCCEEDED“. Now it’s time to make a backup of your old bash. Perform the following commands in a Terminal window :

sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old

Now replace the old bash with the new, compiled version :

sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin

Run the 2 tests again; the output should be fine now.

Just open a Terminal, and run the following command :

It takes a few minutes to finalize, but afterwards you should be good ! 😉  Also, you may have to relaunch Finder – Control+Option+click on the Finder icon, and then click Relaunch.