Apple announced that all users of Max OS X should feel safe concerning the serious bug that was discovered in Bash. In a statement, the company confirmed that the majority of Apple users are not at risk and further stated that Apple is preparing to release a patch soon.
A representative of Apple stated that the OS X systems are safe by default. They are not exposed to remote exploits of Bash, unless the PC users configure advanced UNIX services. The Apple representative said that the company is working on providing a software update to be used by the UNIX users.
The Internet users nowadays are constantly open to malware threats and the DDoS botnet compromised many of the computers due to the Bash vulnerability. The experts say, however that the users of OS X might be less exposed to that Bash vulnerability compared to the people who use Linux and UNIX systems.
The founder and chief analyst of Securosis company, Rich Mogull, commented that the Bush bug does affect the OS X in the same way as it affects the machines with Linux and UNIX, yet most OS X machines are not based on web servers and that is why the operating system default installations are not at such great risk. The expert further advised the users not to avoid applying homespun patches on their Apple machines. Apple is already on providing a suitable patch.
The fact is that the early patches that were offered by the main distributors of Linux, such as Debian, Red Hat and Ubuntu, were all incomplete and needed reworking. Bash is the main command center for OS X, just as it is for Linux and UNIX and is used by many functions in these systems, where not all of them are visible. This turns the creation of patching for the Bash bug into a great challenge.
The cyber criminals find it easy to attach malicious code to a certain environment and to do that remotely. The vulnerability is simple as many web servers, home routers, embedded devices an also industrial control systems based on Linux invoke Bash. The systems that most often invoke Bash are the Apache servers that are using mod_cgid, mod_cgi or Git deployments over SSH.