you bought it in the last two years), it's highly unlikely your Apache web server is turned on. If your Mac shipped with Mountain Lion or Mavericks (i.e. Apache is still there under the hood, however it's front and center in OS X Server, and you can easily turn it back on with the free Web Sharing control panel. Mac users might breathe a little easier knowing that Apple removed the System Preference control for the Apache web server in the standard Mountain Lion and Mavericks OS X versions. but the most likely vector would be through the wildly popular Apache HTTP server, included on most UNIX or Linux distributions and on OS X. Shellshock attacks could target several points of entry - Git and Subversion clients, compromised DHCP servers, etc. Like the recent Heartbleed vulnerability in OpenSSH, Shellshock has the potential to be calamitous in fact, it could be quite a bit worse than Heartbleed, because in theory Shellshock could allow malefactors to run arbitrary commands on lots and lots of UNIX or Linux machines. Bash is present on every Linux distribution, almost every UNIX system, many Android phones, thousands upon thousands of embedded OS versions on hardware devices - and on every version of Mac OS X ever shipped. Bash is a ubiquitous bit of software a command interpreter, or "shell," that provides a basic text-on-a-green-screen interface to POSIX/UNIX and Unix-like systems. There's a big bad bash bug out in the Unix world called Shellshock, and it is pretty serious.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |