Following its acknowledgement of the Shell Shock bug, Apple has issued an update to OS X versions 10.7.5 and above, which installs a new version of Bash that fixes some of the recently found holes in this small but critical aspect of OS X. The fix, called “OS X Bash Update 1.0,” should be available for download through Apple’s Software Update service, which can be accessed by going to the Apple menu.
In addition to being available in the Software Update service, you can get the updates from the following pages and apply them manually:
OS X 10.6 “Snow Leopard”: (See below)
OS X 10.7 “Lion”: http://support.apple.com/kb/DL1767
OS X 10.8 “Mountain Lion”: http://support.apple.com/kb/DL1768
OS X 10.9 “Mavericks”: http://support.apple.com/kb/DL1769
Once you have run these updates, you can check that bash has been updated by opening the Terminal and running the following command:
bash --version
When you do this, you should see output that reads “GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13).” This should be the same for OS X 10.7 Lion, 10.8 Mountain Lion, and 10.9 Mavericks.
Note that this update is in fact not the latest one for version 3.2 of Bash, and does not address all bugs that have been found; however, it does close the specific security hole that has been dubbed “Shell Shock.”
Additionally, if you have already fixed Shell Shock by downloading, patching, and installing bash manually, then while you can still apply this patch, it is not necessary to do. Simply run the “bash –version” command mentioned above, and if you are running version 3.2.53 or later, then you will have all of the patches that Apple has applied to Bash. If you have not yet patched your Mac, then now is the time to run Software Update, or download the relevant updater for your system and apply it.
Lastly, this update does not cover OS X 10.6 systems, so if you are still running Snow Leopard, then you will still need to install XCode version 3.2 and then download and compile the fixed version of bash manually. Once XCode is installed, then the follow the instructions to patch bash. While patching and recompiling Bash is the recommended route, another is to modify one of Apple’s official patches so it will install on Snow Leopard systems.
As always, be sure you have a full backup of your system before running this or any other software update.
Yosemite Public Beta?
Checking the bash version [GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)] don’t worry if the Darwin version does not match. I updated 10.7.5 and it showed darwin11. I suspect 10.8 and 10.9 will show different darwin version numbers as well.
Correct. The 13 refers to the Darwin version of Mavericks. For Lion it’s 11 and for Mountain Lion it’s 12. (For Yosemite it’s 14 but the article doesn’t mention it).
You will have to wait for the next seed, expected real soon now.
The darwin version does make a difference, which is why you must apply the appropriate version of Apple’s updates and if you compile your own patch, it needs to be done in the OS X version it will be used in. Mountain Lion should be darwin12 and Mavericks darwin13. If and when a Yosemite update is released it will be darwin14
It does not show in Apple’s Software Update.
Finally, it has shown on Apple Software Update. Here is the Terminal output:
Last login: Sat Oct 18 11:46:20 on console
[Mac:~] me% bash –version
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
[Mac:~] me%
Yosemite Public Beta 4:
$ bash –version
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin14)
Copyright (C) 2007 Free Software Foundation, Inc.
Bash is up to version 4.3, so I wonder why Apple is only at 3.2?
I have an older iMac running Snow Leopard, but I haven’t been using that machine. However, I’m going to update it to Mavericks in anticipation of Yosemite.
Question: when I update to Mavericks will I still need to apply the Bash update or will it be baked into the newest download of Mavericks?
Good thing you gave us specific links – like MaX says, running Software Update does nothing at all. The link worked, however – thanks
Thank you for the tip on how to manually update bash !
I’m still using os X OS 10.6 Snow Leopard on my 2008 MacBook which is not able to receive the Maverick OS. Since Apple did not provide a patch for OS 10.6 Snow Leopard i really appreciate your help. I’ve been through all the steps and got this version in the end :
GNU bash, version 3.2.55(1)-release (x86_64-apple-darwin10).
Thanks.
Here’s for the crazy ones, the misfits, the trouble makers, the round heads in the square holes. The ones who see things differently… and are still running Snow Leopard.