Apple is responding to the Shell shock vulnerability that was recently found (and unofficially patched). Apple has recognized the issue and will be out with a fix very soon. The bug, which affects the commonly used Bash shell in Unix and Linux systems, affects Mac systems because OS X contains a BSD layer that includes the Bash shell. However, in a statement to iMore, Apple claims the issue is not a serious concern for Mac users unless they have enabled specific remote connectivity.
The vast majority of OS X users are not at risk to recently reported bash vulnerabilities…Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.
Since this bug affects all versions of Bash, it is present on all versions of OS X; however, Apple does not specify what versions of OS X the upcoming update will address. When Apple does release its fix, be sure to apply it. In the mean time, you can use these instructions to apply a quick fix for the issue.