Archive for September 25th, 2014

by Tom Nelson

Across my desk this morning came word of a vast new security vulnerability dubbed Shellshock (CVE-2014-6271) that can easily allow ne’er-do-wells the opportunity to have Terminal execute code when launched.


Screen shot © Coyote Moon, Inc.

On the surface, and as shouted to high heaven by the security group that issued the report, this vulnerability is huge, perhaps bigger than Heartbleed, which made the security rounds last April. In essence, Shellshock would allow any device running one of the many forms of Unix, including OS X and Linux, to have code executed whenever a user invokes the Bash shell, or in the case of OS X, launches Terminal.

Read more on About: Macs.

Read Full Post »