If you’ve followed my advice on installing the patches put out by Apple to protect yourself from Shellshock, then I have some good news for you. You’re protected from two of three vulnerabilities. Here’s the bad news:
Apple fixed two vulnerabilities yesterday, but a third Shellshock vulnerability in OS X was discovered by another Rapid7 security researcher, Greg Wiseman. He says he ran a script to test for Bash/Shellshock vulnerabilities and found that even after installing Apple’s patch on OS X Mountain Lion (released in 2012) the operating system was still susceptible to another vulnerability. That vulnerability, CVE-2014-7186, is a bug that could allow for Denial of Service attacks, which would prevent a Mac from connecting to local networks or the Internet.
Apple didn’t respond to a request for comment.
I was afraid of this given the fact that my quick look at my Mac after I patched it indicated that it MIGHT still be open to being attack. Now we know for sure. You should still install the patches that Apple put out earlier this week. But it would be nice if Apple made Macs completely secure from this by closing this third hole and doing it quickly.
Related
This entry was posted on October 1, 2014 at 5:33 pm and is filed under Commentary with tags Apple, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Patched Macs Could Still Be Affected By Shellshock
If you’ve followed my advice on installing the patches put out by Apple to protect yourself from Shellshock, then I have some good news for you. You’re protected from two of three vulnerabilities. Here’s the bad news:
Apple fixed two vulnerabilities yesterday, but a third Shellshock vulnerability in OS X was discovered by another Rapid7 security researcher, Greg Wiseman. He says he ran a script to test for Bash/Shellshock vulnerabilities and found that even after installing Apple’s patch on OS X Mountain Lion (released in 2012) the operating system was still susceptible to another vulnerability. That vulnerability, CVE-2014-7186, is a bug that could allow for Denial of Service attacks, which would prevent a Mac from connecting to local networks or the Internet.
Apple didn’t respond to a request for comment.
I was afraid of this given the fact that my quick look at my Mac after I patched it indicated that it MIGHT still be open to being attack. Now we know for sure. You should still install the patches that Apple put out earlier this week. But it would be nice if Apple made Macs completely secure from this by closing this third hole and doing it quickly.
Share this:
Like this:
Related
This entry was posted on October 1, 2014 at 5:33 pm and is filed under Commentary with tags Apple, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.