[News] About OS X bash Update 1.0 - Protecting Yourself Against Shellshock - iPhone4.TW


  1. #1


    Update, everyone... safety first, even if you don't use bash...

    Apple's official statement: http://support.apple.com/kb/HT6495

    OS X Lion update download link: http://support.apple.com/kb/DL1767
    OS X Mountain Lion update download link: http://support.apple.com/kb/DL1768
    OS X Mavericks update download link: http://support.apple.com/kb/DL1769

    This update can be downloaded from the Apple Support website.
    For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.
    For information about the Apple Product Security PGP Key, see How to use the Apple Product Security PGP Key.
    Where possible, CVE IDs are used to reference the vulnerabilities for further information.
    To learn about other Security Updates, see Apple Security Updates.

    OS X bash Update 1.0


    Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5

    Impact: In certain configurations, a remote attacker may be able to execute arbitrary shell commands

    Description: An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement.

    This update also incorporated the suggested CVE-2014-7169 change, which resets the parser state.

    In addition, this update added a new namespace for exported functions by creating a function decorator to prevent unintended header passthrough to Bash. The names of all environment variables that introduce function definitions are required to have a prefix "__BASH_FUNC<" and suffix ">()" to prevent unintended function passing via HTTP headers.


    CVE-2014-6271 : Stephane Chazelas

    CVE-2014-7169 : Tavis Ormandy

    Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

    More details about Shellshock: http://www.checkpoint.com/blog/prote...ock/index.html
    This post was edited by 吉米丘 on 10-01-2014 02:31.
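
A local check for the namespace hardening described in the advisory quoted above, added here as an example (it is not part of the original post or of Apple's advisory). It asks a bash binary whether an ordinary environment variable can still become a function, and which variable name it uses when exporting one; `BASH_BIN` and `probe_fn` are constructed names.

```shell
#!/bin/sh
# Added example: asks a bash binary how it treats function definitions in
# the environment. BASH_BIN and probe_fn are constructed names (assumptions).
BASH_BIN=${BASH_BIN:-bash}

# Prints "function" if bash turned an ordinary variable whose value only
# looks like a function definition into a shell function; nothing otherwise.
plain_var_import() {
    env -i PATH="$PATH" probe_fn='() { :; }' \
        "$BASH_BIN" -c 'type -t probe_fn' 2>/dev/null
}

# Prints the environment variable name bash uses when it exports probe_fn.
export_name() {
    env -i PATH="$PATH" \
        "$BASH_BIN" -c 'probe_fn() { :; }; export -f probe_fn; env' 2>/dev/null |
        sed -n 's/^\([^=]*probe_fn[^=]*\)=() {.*/\1/p'
}

# Combines both probes into a one-line verdict.
classify() {
    if [ "$(plain_var_import)" = "function" ]; then
        echo "unhardened: ordinary variables can define functions"
        return 0
    fi
    name=$(export_name)
    case "$name" in
        '__BASH_FUNC<probe_fn>()')
            echo "hardened: Apple-style namespace ($name)" ;;
        probe_fn)
            echo "unhardened: functions are exported under plain names" ;;
        '')
            echo "unknown: no exported function seen (is $BASH_BIN installed?)" ;;
        *)
            echo "hardened: exported functions are namespaced as $name" ;;
    esac
}

classify
```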

  2. #2

  3. #3


    May I ask, is there an update for Snow Leopard?

  4. #4
    Yosemite has this vulnerability patched once you update to GM Candidate 1~

  5. #5
    A question for everyone: does Yosemite Beta 10.10 need OS X bash installed? Thanks



