OS X bash Update 1.0 is now available and addresses the following:
Available for:
OS X Lion v10.7.5 OS X
Lion Server v10.7.5
OS X Mountain Lion v10.8.5
OS X Mavericks v10.9.5
Impact:
In certain configurations, a remote attacker may be able to execute arbitrary shell commands
Description: An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement. OS X bash Update 1.0 may be obtained from the following webpages:
http://support.apple.com/kb/DL1767 OS X Lion
http://support.apple.com/kb/DL1768 OS X Mountain Lion
http://support.apple.com/kb/DL1769 OS X Mavericks
To check that bash has been updated:
* Open Terminal * Execute this command: bash --version * The version after applying this update will be:
OS X Mavericks: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
OS X Mountain Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
OS X Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222