Tag: Apple
Shellshock exploit
by Geert on Sep.28, 2014, under Apple
After Heartbleed, there is another serious bug around which is affecting Mac and linux systems. More specifically : it is a bug present in bash. This bug can be exploited and it can give an attacker the possibility to run arbitrary commands on your system. In other words: this is extremely dangerous. An overview of the attack vectors can be found on this site.
There are 2 tests you can perform yourself, to check whether your system is vulnerable to the 2 attack vectors :
In a terminal window, type the following command, followed by enter
env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
The result should be :
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test
If you get the following output, your system is vulnerable :
vulnerable
this is a test
Also check your system for the second vulnerability :
env X='(){(a)=>\’ bash -c “echo date”; cat echo; rm -f echo
You should see this :
date
cat: echo: No such file or directory
In case you get the following output, your system is again vulnerable to the exploit :
date
[The Current Date and Time]
So what you need to do in case your system returned one or both of the bad outputs
Apple already said they are working on a patch, and that “the vast majority of Apple computers are not vulnerable”. However, I can only highly recommend patching this bug yourself – it doesn’t take long and it’s not complicated.
The only prerequisite is Xcode – Apple’s development platform. You can download it for free from the App Store.
Next, perform the following steps from within a Terminal window :
It will spawn a lot of text while it’s compiling, and it should come up with “BUILD SUCCEEDED” when it’s done.
The second patch will be addressed like so :
Again, you’ll see “BUILD SUCCEEDED“. Now it’s time to make a backup of your old bash. Perform the following commands in a Terminal window :
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
Now replace the old bash with the new, compiled version :
sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin
Run the 2 tests again; the output should be fine now.
Fix those ugly “Open With..” duplicates in OSX
by Geert on Nov.01, 2013, under Apple
Just open a Terminal, and run the following command :
It takes a few minutes to finalize, but afterwards you should be good ! 😉  Also, you may have to relaunch Finder – Control+Option+click on the Finder icon, and then click Relaunch.