How to unofficially fix the ‘Shell Shock’ bash vulnerability in OS X

The recent vulnerability that has affected systems running the popular Bash shell can allow an attacker to arbitrarily run code on any system that has a running installation of the unpatched bash shell. This includes every version of OS X, so if you have a Mac that you regularly use, then you can be sure it is updated first and foremost by applying any security updates that Apple issues; however, if you wish to update your system right away then you can download and compile the latest Bash version for OS X, which to date is version 3.2.

First, click this link to download Xcode from the App Store for free, and install it. If you do not use it regularly you can delete it later, but it will be required to compile the patched version of Bash. When it downloads, be sure to open it and accept its terms of use before continuing on (you can quit it after accepting the terms).

Next, you will need to download the Bash source from Apple, patch it, and then compile and install it. This sounds complicated, but can be done by running the following series of commands in the OS X Terminal after you have installed Xcode:

  1. Download and unpack Bash from Apple:
    curl | tar zxf -
  2. Change directory to the downloaded Bash folder:
    cd bash-92/bash-3.2
  3. Download the patch script from, and apply it. These must start with 052 (the first listed here), and then apply subsequent patches sequentially, if available:
    curl | patch -p0;
    curl | patch -p0;
    curl | patch -p0;
    curl | patch -p0
  4. Go up one directory and then build the patched version (a bunch of text will scroll up when you do this):
    cd ..;xcodebuild
  5. Backup the current Bash and Sh executables:
    sudo cp /bin/bash /bin/bash.bak;
    sudo cp /bin/sh /bin/sh.bak
  6. Copy the new version into place to make it the default and targeted executible
    sudo cp build/Release/bash /bin;
    sudo cp build/Release/sh /bin
  7. Remove the execute bit on the backup versions of Bash and Sh to ensure they are not run:
    sudo chmod a-x /bin/bash.bak /bin/sh.bak

After you have completed these steps, your system should have a patched version of Bash that is not vulnerable to the problem at hand. Keep in mind that while this is a fix, a more robust or complete solution may develop in the next few days, so be sure to check back here for updates on patches. In addition, if there is an update available from Apple, then be sure to apply that update instead. Doing so will replace any custom builds you have installed.

In addition, keep in mind this fix does not address the issue in full, since the problem at hand may be in hardware devices like routers, media centers, and print servers, some of which are so old that companies are no longer supporting them with updates.

Reverting the patch

To undo this change to OS X and revert your Mac back to the old version of Bash, you can perform the following steps in the Terminal:

  1. Remove the patched versions of Bash and Sh:
    sudo rm /bin/bash /bin/sh
  2. Rename the backups to their original names:
    sudo cp /bin/bash.bak /bin/bash;
    sudo cp /bin/sh.bak /bin/sh
  3. Ensure both of these files are executable:
    sudo chmod a+x /bin/bash /bin/sh

UPDATE: This fix will work with Snow Leopard, provided you have XCode version 3.2 installed on your system (which you can still download for free). Alternatively, you can try modifying one of Apple’s update installers so the Bash updates in them can be applied to a system running Snow Leopard. You can read how to modify the Bash Update installers here.


Mac Issues

At Mac Issues, we're dedicated to helping you learn how to use your Macbook properly. With tutorials, how-to troubleshooting guides & real reviews, hopefully we can make your day that little bit easier.

Read more from Mac Issues