
Mac OS X among those that BASH vulnerability could cripple


System administrators all over the world have woken up to yet another major security scare. After the Heartbleed bug back in April, this one affects UNIX-based operating systems including Linux, Mac OS X and potentially Android, which has roots in UNIX.

The BASH bug (or Shellshock, as it is now known) was discovered yesterday by security researchers working for open source company Red Hat, and because the platforms affected are ubiquitous, one should expect more damage than from Heartbleed.

Indeed, what makes it so worryingly dangerous is that it affects everything that runs GNU's Bourne Again Shell (otherwise known as BASH) and is connected to the internet.

This includes any Internet-of-things devices like video cameras that operate using web-based BASH scripts. These are not only difficult to patch but also difficult to track and audit, which makes in-the-wild exploits very likely.

ESET's Mark James gives a simple routine to find out whether your systems are affected. Type

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The output on a vulnerable system will read

vulnerable

this is a test

A patched or unaffected system will output:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for 'x'

this is a test

He added that the bug has been around for a very long time and the community doesn't really know how many systems are actually affected by it.
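The test above only exercises whichever bash comes first on the PATH. The script below is an added example, not from ESET or the original article: it runs the same command against each bash binary named on the command line and classifies the output. The function names and the file name check_bash.sh are this example's own.

```shell
#!/bin/sh
# Added example: the article's one-line test, applied to each bash binary
# given on the command line. Function and file names are hypothetical.

# Classify the text printed by the test command.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable        # text after the function body was executed
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo not-vulnerable    # only the requested command ran
    else
        echo inconclusive      # the shell never ran the requested command
    fi
}

# Run the article's test against one specific binary. Warnings printed on
# stderr are folded into the captured output; they do not change the verdict.
probe_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1) || true
    classify_probe_output "$out"
}

# Probe every path given; return non-zero if any binary is vulnerable.
scan_bash_binaries() {
    status=0
    for shell_path in "$@"; do
        verdict=$(probe_bash "$shell_path")
        printf '%s: %s\n' "$shell_path" "$verdict"
        if [ "$verdict" = vulnerable ]; then
            status=1
        fi
    done
    return "$status"
}

# Usage: sh check_bash.sh /bin/bash /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    scan_bash_binaries "$@"
fi
```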

Desire Athow

Managing Editor, TechRadar Pro
