'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services
Security researchers from Red Hat have uncovered a new exploit in the common "Bash" command shell found in OS X and Linux which can be used to deploy malicious code with minimal effort. Due to the ubiquity of the Bash shell, the exploit can affect a wide variety of different web-connected devices and properties, including unsecured websites, smart home appliances, servers, and more.
Security researcher Robert Graham noted on his blog that the Bash exploit is "as big as Heartbleed," referring to the flaw discovered earlier this year in the popular OpenSSL software which secures connections between clients and servers:
Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.
Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed.
Heartbleed was said to have affected 66% of the Internet, although Apple announced in April that the exploit did not affect its software or "key services." Apple also released updates for the AirPort Extreme and Time Capsule to better secure both web devices against Heartbleed.
A topic discussing the Bash exploit on StackExchange also notes that Apple did not include a fix for the bug in its latest round of security updates that came alongside the release of OS X Mavericks 10.9.5 last week. It is possible however that Apple will release a fix for OS X in the near future to address the exploit, similar to what it has done for other security issues in the past.
Popular Stories
Apple turns 50 this year, and its CEO Tim Cook has promised to celebrate the milestone. The big day falls on April 1, 2026.
"I've been unusually reflective lately about Apple because we have been working on what do we do to mark this moment," Cook told employees today, according to Bloomberg's Mark Gurman. "When you really stop and pause and think about the last 50 years, it makes your heart ...
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld.
The report, citing industry sources, is available in English on Macworld.
Apple announced the iPhone 16e on Wednesday, February 19 last year, so the iPhone 17e would be unveiled exactly one year later if this rumor is accurate. It is quite uncommon for Apple to unveil...
In the iOS 26.4 update that's coming this spring, Apple will introduce a new version of Siri that's going to overhaul how we interact with the personal assistant and what it's able to do.
The iOS 26.4 version of Siri won't work like ChatGPT or Claude, but it will rely on large language models (LLMs) and has been updated from the ground up.
Upgraded Architecture
The next-generation...
While the iOS 26.3 Release Candidate is now available ahead of a public release, the first iOS 26.4 beta is likely still at least a week away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April.
Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far.
iOS 26.3
iPhone to Android Transfer Tool
iOS 26.3 makes it easier...
The iPhone 18 Pro Max will feature a bigger battery for continued best-in-class battery life, according to a known Weibo leaker.
Citing supply chain information, the Weibo user known as "Digital Chat Station" said that the iPhone 18 Pro Max will have a battery capacity of 5,100 to 5,200 mAh. Combined with the efficiency improvements of the A20 Pro chip, made with TSMC's 2nm process, the...
