Updates bash for OS X Lion, Mountain Lion and Mavericks
Although nearly all Mac users are unaffected by the issue Apple has made good on its word to quickly fix a serious security flaw in bash, a Unix shell that comes as part of OS X. Apple acknowledged the problem on Friday, and today released OS X bash update 1.0 for OS X Lion (10.7), Mountain Lion (10.8) and Mavericks (10.9). The flaw, known as "Shellshock," could potentially allow users who have set up advanced Unix services that interact with the web to be vulnerable to remote intrusion.
Security firm goes public after missed deadlines
[Update: This bug has been fixed as part of Security Update 2010-007, released today] An important security bug in Mac OS X 10.5 (Leopard) that remains unpatched despite missed deadlines from Apple has forced Core Security Technologies to go public with the exploit, even though a fix may be imminent. Apple was informed of the flaw, which has also been used to create jailbreaking software for iOS devices, and has already developed a patch -- but has missed two promised deadlines to release it, says the firm.
Tiger, Leopard flaw
Similar to the Office 2008-related permissions problem reported earlier today, Mac OS X 10.4 Tiger and 10.5 Leopard users may be susceptible to additional vulnerabilities. MacNN reader Robert Myers reports that when using a standard user account to copy software in to the Applications folder, the authentication that takes place not only allows the software to be inserted in to the folder (as it should) but also changes the owner of the application to the current user.