Apple issues Shellshock Bash bug patch for Mac OS X users


Apple patchThe Shellshock bug in Bash being actively exploited online.

According to reports, malicious hackers are exploiting the flaw to spread malware, open backdoors, and launch denial-of-service attacks.

Which means that it’s important that vulnerable devices are patched as quickly as possible.

So it’s good to see that overnight Apple has rolled out what it is calling “OS X bash Update 1.0” for users of Mavericks, Mountain Lion and Lion.

OS X Bash update

The good news is that the vast majority of Apple’s Mac OS X users probably weren’t at risk from having their computers exploited by the Shellshock vulnerability because they wouldn’t have configured their systems in such a way as to allow the Bash shell to be accessed remotely. The better news is that Apple hasn’t used this as an excuse not to patch the bug regardless.

So, if you use Mac OS X, make sure you download and install the patch.

If you’re not sure whether you are running a patched version of Bash on your Mac, here’s how you check.

Open the Terminal application (which you can either find via Spotlight search, or by navigating to the Applications / Utilities folder).

Find Terminal application in Spotlight

Enter the following command at the $ prompt:

bash -version

Bash updated

If you’ve done that correctly, you should be shown a version number for Bash.

On Mavericks, it should now say GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13).

On Mountain Lion it should say GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12).

And on Lion it should say GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11).

Tags: , , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , , ,

5 Responses

  1. Jim Goodyear

    October 1, 2014 at 11:48 am #

    Very Timely and Useful Bash/Mavericks info from you Graham.
    Needless to say Apple aren’t as quick off the mark as you are, but the info you supplied enabled me to find and download the update; WITHOUT having to wait for Apple to tell me about it, if they ever did.
    Thanks again
    Jim Goodyear

  2. Sharon

    October 2, 2014 at 2:07 am #

    Here is a great Video on it

  3. onarock

    October 2, 2014 at 5:56 pm #

    i run lion, and the update seems to be only for maverick.…this is my bash version “version 3.2.48(1)-release” now what do i do?????


    • onarock in reply to onarock.

      October 2, 2014 at 6:00 pm #

      ok, thanx to your site, i found the lion link for the patch.….thanx so much.…all is good


  4. Raymond Naseef

    October 12, 2014 at 1:58 am #

    For the Mavericks fix, open URL

    I also found this from

    If that does not work, open URL in their image above:


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.