Experts say Apple's Mac Shellshock Patch is Incomplete
| Marc Maligalig | | Oct 01, 2014 07:00 AM EDT |
(Photo : Reuters Mal Langsdon)
Although Apple issued a fix for the Bash bug in the previous week, Tod Beardsley, an engineering manager for security firm Rapid7, said Tuesday that the patch is incomplete, leaving one vulnerability wide open to would-be hackers.
The Bash bug, also known as Shellshock, affects the majority of computers around the globe running on Linux and Unix, including the Cupertino-based company's OS X operating system for Macintosh computers.
Like Us on Facebook
The 25-year old Shellshock weakness lets possibly malicious codes to run inside a bash shell, which is a simple and common interface for delivering commands to the computer. The Shellshock vulnerability could be potentially used to obtain private data or gain control of the computer.
Beardsley said that the Bash bug is extremely dangerous as it is easily exploited, and can give cyber-criminals the capability to take over a Mac.
Robert David Graham from Errata Security has compared Bash to the Heartbleed security bug discovered in April, since they both have wide and potential long-term effects on the security of computers.
Apple fixed two of the vulnerabilities, designated as CVE-2014-7186 and CVE-2014-7187, with the patch released Monday of the previous week, but a third Bash bug vulnerability was discovered in OS X by Greg Wiseman, another security researcher at Rapid7.
Wiseman said that he ran a script to test for Shellshock vulnerabilities and found that even after Apple's patch on OS X Mountain Lion, which was released in 2012, was installed, the operating system was still susceptible to another vulnerability.
The newly discovered vulnerability, named the CVE-2014-7186, is a bug that could prevent a Mac from connecting to the Internet or local networks by allowing Denial of Server attacks to be carried out.
Meanwhile, Apple has issued a public statement assuring consumers who are using the OS X that they are mostly safe from the exploit.
Apple added that in the company's OS, systems are safe by default and are not exposed to being exploited remotely with the shell unless users have altered the advanced settings of UNIX services.
"We are working to quickly provide a software update for our advanced UNIX users," said an Apple spokesperson.
TagsBash Bug, Shellshocker, Shellshock, Apple Inc., Shellshock Patch, internet security, OS X, Macintosh OS X, Mac, Heartbleed, CVE-2014-7187, CVE-2014-7186
©2015 Chinatopix All rights reserved. Do not reproduce without permission
EDITOR'S PICKS
-
Did the Trump administration just announce plans for a trade war with ‘hostile’ China and Russia?
-
US Senate passes Taiwan travel bill slammed by China
-
As Yan Sihong’s family grieves, here are other Chinese students who went missing abroad. Some have never been found
-
Beijing blasts Western critics who ‘smear China’ with the term sharp power
-
China Envoy Seeks to Defuse Tensions With U.S. as a Trade War Brews
-
Singapore's Deputy PM Provides Bitcoin Vote of Confidence Amid China's Blanket Bans
-
China warns investors over risks in overseas virtual currency trading
-
Chinese government most trustworthy: survey
-
Kashima Antlers On Course For Back-To-Back Titles
MOST POPULAR
LATEST NEWS
Zhou Yongkang: China's Former Security Chief Sentenced to Life in Prison
China's former Chief of the Ministry of Public Security, Zhou Yongkang, has been given a life sentence after he was found guilty of abusing his office, bribery and deliberately ... Full Article
TRENDING STORY
China Pork Prices Expected to Stabilize As The Supplies Recover
-
Elephone P9000 Smartphone is now on Sale on Amazon India
-
There's a Big Chance Cliffhangers Won't Still Be Resolved When Grey's Anatomy Season 13 Returns
-
Supreme Court Ruled on Samsung vs Apple Dispute for Patent Infringement
-
Microsoft Surface Pro 5 Rumors and Release Date: What is the Latest?
