Apple introduced a patch Monday for Shellshock, a critical software vulnerability revealed a week ago, although apple said it posed no risk to the majority of users.
Shellshock is the name for a exploit within the GNU Bourne Again Shell, or Bash, which is a command-line shell processor utilized for sending commands to an operating-system. It’s common in Unix and Linux systems.
The flaw in Bash, that has been present for 20 years, can permit an attacker to take complete power over a computer if the software is remotely accessible. An attacker could add malicious commands into a CGI (Common Gateway Interface) request, which will then be processed by a server.
While security experts rank the Bash flaw as severe, the risk is dependent on how it is wrapped into other software.
Apple’s OS X operating system is derived from Unix. Soon after the flaw became public, Apple advised that only users who have configured advanced Unix services may be vulnerable to the Bash flaw.
Security vendor Intego stated Bash could be exposed on OS X if remote login was switched on for users, a typically risky setting in any case. Older OS X servers running Apache or PHP scripting environments may also potentially permit access to Bash, it said.