Shellshock flaw in Unix systems

[altuixde]

http://www.macworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-more-open-to-attack.html

This article explains the problem. Mac users should leave Remote Login off until Apple patches the flaw (or until you compile a patched version of Bash). Remote Login is in the Sharing pane of System Preferences. Patches for various Linux variants are already being pushed out.

I wonder what the fallout due to this flaw will be. Home computers won't be directly affected as much as servers that people access remotely.

[animagic4u]

I'm worried for my friends and professor's servers but personal computers should be okay.
I have no reason to remote log in to my computer (as it is a laptop) but hopefully all my uni's servers will be safe.

[DeviantProtagonist]

Heartbleed issues in itself were already something fierce, so here's to hoping this doesn't escalate any further. Android looks to be in the clear, at least.

[altuixde]

I should add that routers may be affected also, so it would be wise to check for an update (and keep checking if there isn't one) for your router. An update isn't necessary if your router wasn't vulnerable in the first place.

[chikorita157]

I have heard of this bug several days ago, but fortunately I already patched all my Macbook Pros and the Linux VPS that is hosting my Anime blog. But considering that there has been two large scale bugs with open source software, I think companies need to realize that open source does not equal security and that the open source community needs to do a better job auditing their source code.

Fortunately, I have patched immediately (and even wrote a script to automate it) so there won't be much of an effect.

[animagic4u]

It's good that you patched your VPS so quickly. I still haven't patched my MacBook yet, but really don't feel like there's much risk on my personal laptop.

[altuixde]

Apple has released patches for various versions of OS X:

http://www.macworld.com/article/2689432/apple-patches-bash-vulnerability-in-os-x.html

Last time I checked, this update was not showing up in Software Update or the Updates section of the Mac App Store. Downloading the package installer yourself is, for now, apparently the only way to apply Apple's patch.