Apple released a security update for its Mac OS X operating system that is designed to protect users from the Shellshock bug, which was recently reported to the company and is believed, can affect all Unix-based computers.
Although Apple Inc. (NASDAQ:AAPL) has said that only the users who are using the advanced UNIX services are likely to be affected by the bug, but the company came up with an automatic updates for the newest version of OS X. The automatic update mechanism that was used by Apple was developed a few years ago, but the company used it for the first time on Monday.
The network time protocol (NTP) in Mac computers also had some glitch which was another cause that compelled Apple to push the automatic update to Macs. This update will help in synchronizing the computer clocks.
Reuters was told by Bill Evans, a spokesman from Apple, that protecting its users is company’s priority, which is why the update was released on Monday under an unusual title. He also urged users to install the update as soon as possible.
Google researchers first discovered the glitch and it was highlighted by the U.S government on Friday. The bug does not affect Mac alone but it penetrates deep down to the industrial control systems. The U.S government needed to warn users who were running critical infrastructure on the system.
According to the warning issued by the government, the glitches in the system could be easily exploited. An attacker can send a closely crafted package that can overflow a stack buffer and extract a malicious code, which can be executed with the level of NTP daemon process.
The computer emergency response teams in the U.S and U.K were very quick in issuing warnings about the Shellshock bug and recommended that all affected organisations install the software security update immediately.
The Information Commissioner’s Office has also asked all organisations as well as individuals to make their IT systems up to date. According to an ICO spokesperson, this flaw could easily allow criminals to extract personal data from the computers, which can be really alarming for businesses and cause a lot of trouble because they are under obligation to keep personal information discreet.
Security researchers have cautioned that while home users and other traditional servers might be safe from this bug but this solution is not available for many other ingrained devices as well as Unix-based industrial control system.
Evans told Reuters that Apple Inc. (NASDAQ:AAPL) was unaware of any misuse of the flaw in Macs so far. The update was released by the company for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 and OS X Yosemite v10.10.1.
It is possible that Apple has released the update well in time before any major exploitation of the glitch could take place but it cannot be confirmed for sure. The security update is crucial and must be installed by everyone as soon as possible.
The next few days will tell us whether the flaw caused by the bug allowed any hackers to take advantage, which means Apple should keep a close eye on any complaints by its users.
