Apple has released patches plugging a widespread security flaw, codenamed Shellshock, which affects ‘a small number of OS X users’.
The patches fix the Shellshock bug, discovered earlier in September, in the Bash code used by all Unix and Unix-like operating systems.
The number of systems affected led to concerns that the bug could be used to mount crippling attacks on numerous targets, including the SCADA systems running critical infrastructure.
Since its discovery, numerous attacks exploiting Shellshock have been uncovered. Most recently, FireEye and Trend Micro uncovered attacks exploiting the flaw for exploratory purposes.
The attacks are believed to be intelligence work by hackers in the lead-up to a wave of more serious cyber strikes targeting the flaw.
The purpose of the follow-up attacks though researchers have warned Shellshock can be exploited for a variety of purposes including distributed denial of service (DDoS), collecting and sending sensitive system information, and opening backdoor connections.
Before this, researchers from Zscaler ThreatLabz reported uncovering evidence that hackers are exploiting Shellshock to install malware on Nginx and Apache web servers.
At the time of publishing Apple had not responded to V3's request for comment on whether any of the attacks targeted Mac OS X users.
However, senior solutions architect at Alert Logic Richard Cassidy told V3 the secure nature of OS X makes it unlikely hackers would go to the trouble of targeting Apple customers.
"Shellshock requires two things: first, your system must be accessible to the attacker remotely so that they can inject arbitrary commands – in some cases they'll need to authenticate to a shell before they can do this. [Second] you must be running the affected versions of bash," he said.
"Unless you've [Mac OS X users] enabled remote access services (SSH for example) or are running web services (permitting scripting) to the outside world or if you have a habit of connecting to untrusted and open APs in the wild, it should be business as normal."
Despite Cassidy's assurances, Shellshock's widespread and volatile nature led Apple to break its stringent policy of not discussing security incidents until they are resolved and, on 26 September, release a threat advisory assuring its users that only a very small number of OS X users are affected.