CHINA TOPIX

01/22/2025 08:33:45 am


Experts say Apple's Mac Shellshock Patch is Incomplete

A lock icon, signifying an encrypted Internet connection

(Photo : Reuters Mal Langsdon)

Although Apple issued a fix for the Bash bug in the previous week, Tod Beardsley, an engineering manager for security firm Rapid7, said Tuesday that the patch is incomplete, leaving one vulnerability wide open to would-be hackers.

The Bash bug, also known as Shellshock, affects the majority of computers around the globe running on Linux and Unix, including the Cupertino-based company's OS X operating system for Macintosh computers.


The 25-year-old Shellshock weakness allows potentially malicious code to run inside a Bash shell, a simple and common interface for delivering commands to the computer. The vulnerability could potentially be used to obtain private data or gain control of the computer.

Beardsley said that the Bash bug is extremely dangerous because it is easily exploited and can give cyber-criminals the capability to take over a Mac.

Robert David Graham of Errata Security has compared the Bash bug to the Heartbleed security bug discovered in April, since both have wide and potentially long-term effects on the security of computers.

Apple fixed two of the vulnerabilities, designated as CVE-2014-7186 and CVE-2014-7187, with the patch released Monday of the previous week, but a third Bash bug vulnerability was discovered in OS X by Greg Wiseman, another security researcher at Rapid7.

Wiseman said that he ran a script to test for Shellshock vulnerabilities and found that even after Apple's patch was installed on OS X Mountain Lion, which was released in 2012, the operating system was still susceptible to another vulnerability.

The newly discovered vulnerability, designated CVE-2014-7186, is a bug that could prevent a Mac from connecting to the Internet or local networks by allowing denial-of-service attacks to be carried out.

Meanwhile, Apple has issued a public statement assuring consumers who are using OS X that they are mostly safe from the exploit.

Apple added that OS X systems are safe by default and are not exposed to remote exploitation through the shell unless users have altered the advanced settings of UNIX services.

"We are working to quickly provide a software update for our advanced UNIX users," said an Apple spokesperson.
