A bug nicknamed Shellshock was found in the command-line shell processor which is widely present in many Linux and Unix systems. This bug in the Bourne Again Shell or Bash has been present in the systems since last two decades that could allow attackers to have complete control of the computer.
It’s time for all the Linux and Unix based system makers to fix the bug. Mac OS X being a Unix based system is vulnerable to the attack. However, according to Intego, which is specialised in security software for the operating system, OS X is vulnerable, but it is difficult for attackers to take advantage of it.
All the casual users needn’t be worried about the attack as the advance Unix settings are still locked on the factory defaults. However, if you are a geek and have tweaked the advance Unix settings your system could be exposed to the attackers. This could possibly include enabling remote logging for all users including guest.
Running Apache server on OS X Lion could also expose the system to attackers, Erwin wrote. An attacker could insert variables into script that the shell could run if Apache is configured to run scripts.
“This one, however, requires exploiting two holes,” he wrote. “First, in the script running on Apache, and then in turn using that compromised script to send something to the Bash shell.”
It’s possible for the user to patch the issue easily. Attacking a Mac OS X system would require exploiting two holes – firstly, the script running on Apache and secondly using the script to send something to the Bash shell.
Both these scenarios require a level of technical expertise, that’s why he wrote “Both scenarios, however, are “edge cases,”.
Research is still going on to find to what extent Internet connected devices are vulnerable to Bash. Since the exploit is illustrious many attackers have been scanning the Internet to find vulnerable systems.