Apple has advised nervous customers that most of them are safe from the Shellshock hack revealed this week, which preys on a security flaw found in the Bash command in Unix. The company, while advising that a fraction of its customers are in fact at risk, said it’s working on an update to protect against any malicious code execution.
“The vast majority of OS X users are not at risk to recently reported Bash vulnerabilities,” an Apple spokesperson told the Mac-centric site iMore. “Bash, a Unix command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of Bash unless users configure advanced Unix services. We are working to quickly provide a software update for our advanced Unix users.”
The Shellshock vulnerability has been described as a worse flaw than the Heartbleed bug that affected 66 percent of the active sites online exposed earlier this year. By June, two months after the Heartbleed bug was first exposed, an estimated 300,000 servers were still vulnerable to attack.
Where users could change their passwords to avoid that hack, though, there’s little the average individual can do to protect themselves from Shellshock. The vulnerability exposes an issue in Bash code, an issue that primarily affects Web developers and site creators. Robert Graham, an Internet security expert, told the Independent that, even with the growing importance of cybersecurity, Shellshock isn’t likely to cause major issues for individuals.
“Years from now we’ll keep finding yet another device that’s still not been patched,” he said. “Of the top 10 ways hackers will hack computers this year, this won’t make the list.”