Shellshock: Apple Admits Mac OS X is Vulnerable to Bash Bug

Apple has admitted that its Mac OS X operating system is vulnerable to the Bash Bug - known as Shellshock - and that the millions of people using its MacBook laptops and Mac desktop computers are potentially at risk.

The company has played down the risk however, saying that if users have default settings enabled - which the vast majority will have - then there is no risk.

In a statement sent to iMore, the company said the vulnerability would give hackers the ability to remotely control victims' computers, potentially allowing them launch malicious software to harvest personal information. Apple says it is working quickly to patch the problem.

Apple's statement in full reads:

Low risk

Shellshock, which was only uncovered this week, is a flaw in the command shell known as Bash, which is used on millions of computers, web servers and embedded devices. The flaw could theoretically allow hackers to infect systems in order to harvest data or remotely control the victim's system.

In relative terms, it appears the risk for Mac users is pretty low, as hackers are much more likely to target web servers running the Apache web server software, which uses Bash to run background processes, and which would allow them to infect a much greater number of systems.

Recent figures put the number of internet sites hosted on web servers running Apache at over 50%.

While those people using advanced settings on Mac OS X should be able to easily ascertain if they are at risk - and patch the problem using Xcode - for less advanced users, there is an easy way to check your system:

How to check if you Mac is vulnerable:

This is a relatively simple one to check. Simple call up a Terminal on your desktop, and type in this line of code at the $ prompt:

If your system is vulnerable, then you will see this:

If it is not vulnerable you will see this: