shellshock-on-mac

Recently there was a security flaw discovered in bash. It’s called “Shellshock”. I colleague circulated how to fix so I am posting it. This is for folks on a Mac. If you are unsure if you are vulnerable to begin with follow these steps:

1. Open Terminal

2. Paste this and hit return: env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’

3. If your terminal says vulnerable then need to follow the next steps. Paste each line in order one after each other:

mkdir bash-fix
cd bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf –
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
curl http://alblue.bandlem.com/bash32-053.patch | patch -p0
cd ..
xcodebuild
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old
build/Release/bash –version # GNU bash, version 3.2.53(1)-release
build/Release/sh –version # GNU bash, version 3.2.53(1)-release
sudo cp build/Release/bash /bin
sudo cp build/Release/sh /bin

(H/T: @bradparbs)

css.php