Mac OS X Mavericks Vulnerable to Shellshock
Apple's Senior Vice President Craig Federighi introduces OS X Mavericks in 2013, which the company admits is vulnerable to the Bash Bug, aka Shellshock. Reuters

Apple has admitted that its Mac OS X operating system is vulnerable to the Bash Bug - known as Shellshock - and that the millions of people using its MacBook laptops and Mac desktop computers are potentially at risk.

The company has played down the risk however, saying that if users have default settings enabled - which the vast majority will have - then there is no risk.

In a statement sent to iMore, the company said the vulnerability would give hackers the ability to remotely control victims' computers, potentially allowing them launch malicious software to harvest personal information. Apple says it is working quickly to patch the problem.

Apple's statement in full reads:

"The vast majority of OS X users are not at risk to recently reported Bash vulnerabilities. Bash, a Unix command shell and language included in OS X, has a weakness that could allow unauthorised users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced Unix services. We are working to quickly provide a software update for our advanced Unix users."

Low risk

Shellshock, which was only uncovered this week, is a flaw in the command shell known as Bash, which is used on millions of computers, web servers and embedded devices. The flaw could theoretically allow hackers to infect systems in order to harvest data or remotely control the victim's system.

In relative terms, it appears the risk for Mac users is pretty low, as hackers are much more likely to target web servers running the Apache web server software, which uses Bash to run background processes, and which would allow them to infect a much greater number of systems.

Recent figures put the number of internet sites hosted on web servers running Apache at over 50%.

While those people using advanced settings on Mac OS X should be able to easily ascertain if they are at risk - and patch the problem using Xcode - for less advanced users, there is an easy way to check your system:

How to check if you Mac is vulnerable:

This is a relatively simple one to check. Simple call up a Terminal on your desktop, and type in this line of code at the $ prompt:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If your system is vulnerable, then you will see this:



If it is not vulnerable you will see this:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for 'x'