lundi 29 septembre 2014

Apple: Most OS X users shouldn't worry about Shellshock

Satisfied Happy Businessman Relaxing Office


Apple has admitted that most OS X users have nothing to be concerned about when it comes to the bug that has been dubbed "worse than Heartbleed".


In a statement the firm admitted that it is already working on a software update for advanced UNIX users that repairs the major exploit that can be used by hackers to gain access to connected devices by inserting malicious code into the "Bash" command shell in OS X and Linux.


"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities", an Apple spokesperson told iMore. "Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users".


Shellshock hit the headlines yesterday with many security researchers, including Darien Kindlund from FireEye, stating that "it’s worse than Heartbleed" and Robert Graham adding that some systems won’t be able to be patched to prevent damage.


The bug is a ubiquitous one and as such a large per cent of software across the web is constantly interacting with the shell and there are a number of ways it can infiltrate software.


Regular users of OS X don’t have any real need to panic and Apple has been at pains to point out it's advanced users that have configured UNIX services that are mainly at risk and may need to turn off services or apply home-made patches using Xcode.


For the full rundown on how to protect your machines from the Bash big, check out ITProPortal.com guide on the measure that can be taken.


Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.


Photo Credit: wavebreakmedia/Shutterstock






Aucun commentaire:

Enregistrer un commentaire