Apple has released patch fixes plugging a widespread security flaw, codenamed Shellshock, which affects ‘a small number of OS X users'.
The patches fix the Shellshock bug in the Bash code used by all Unix and Unix-like operating systems, discovered earlier in September.
The number of systems affected led to concerns that the bug could be used to mount crippling attacks on numerous targets, including the SCADA systems running critical infrastructure.
Since being discovered numerous attacks exploiting Shellshock have been discovered. Most recently FireEye and Trend Micro uncovered attacks exploiting the flaw for exploratory purposes.
The attacks are believed to be intelligence work by hackers in the lead up to a wave of more serious cyber strikes targeting the flaw.
The purpose of the follow-up attacks though researchers have warned Shellshock can be exploited for a variety of purposes including distributed denial of service (DDoS), collecting and sending sensitive system information, and opening backdoor connections.
Before this, researchers from Zscaler ThreatLabz reported uncovering evidence hackers are exploiting Shellshock to install malware on Nginx and Apache web servers.
At the time of publishing Apple had not responded to V3's request for comment on whether any of the attacks targeted Mac OS X users.
However, senior solutions architect at Alert Logic Richard Cassidy told V3 the secure nature of OS X makes it unlikely hackers would go to the trouble of targeting Apple customers.
"Shellshock requires two things, first your system must first be accessible to the attacker remotely so that they can inject arbitrary commands – in some cases they'll need to authenticate to a shell before they can do this. [Second] you must be running the affected versions of bash," he said.
"Unless you've [Mac OS X users] enabled remote access services (SSH for example) or are running web services (permitting scripting) to the outside world or if you have a habit of connecting to untrusted and open AP's in the wild; it should be business as normal."
Despite Cassidy's assurances Shellshock's widespread and volatile nature led Apple to break its stringent policy of not discussing security incidents until they are resolved and release a threat advisory assuring its users that only a very small number of OS X users are affected on 26 September.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago