The Shellshock bug in Bash being actively exploited online.
According to reports, malicious hackers are exploiting the flaw to spread malware, open backdoors, and launch denial-of-service attacks.
Which means that it’s important that vulnerable devices are patched as quickly as possible.
The good news is that the vast majority of Apple’s Mac OS X users probably weren’t at risk from having their computers exploited by the Shellshock vulnerability because they wouldn’t have configured their systems in such a way as to allow the Bash shell to be accessed remotely. The better news is that Apple hasn’t used this as an excuse not to patch the bug regardless.
So, if you use Mac OS X, make sure you download and install the patch.
If you’re not sure whether you are running a patched version of Bash on your Mac, here’s how you check.
Open the Terminal application (which you can either find via Spotlight search, or by navigating to the Applications / Utilities folder).
Enter the following command at the $ prompt:
If you’ve done that correctly, you should be shown a version number for Bash.
On Mavericks, it should now say GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13).
On Mountain Lion it should say GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12).
And on Lion it should say GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11).