OS X bash Update 1.0 is now available and addresses the following:

Available for:

OS X Lion v10.7.5 OS X

Lion Server v10.7.5

OS X Mountain Lion v10.8.5

OS X Mavericks v10.9.5

Impact:

In certain configurations, a remote attacker may be able to execute arbitrary shell commands

Description: An issue existed in Bash's parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement. OS X bash Update 1.0 may be obtained from the following webpages:

http://support.apple.com/kb/DL1767 OS X Lion

http://support.apple.com/kb/DL1768 OS X Mountain Lion

http://support.apple.com/kb/DL1769 OS X Mavericks

To check that bash has been updated:

* Open Terminal * Execute this command: bash --version * The version after applying this update will be:

OS X Mavericks: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)

OS X Mountain Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)

OS X Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222