Securing Mac-OS from CVE-2014-6271 (Shellshock / Bash bug)


For this to work you need to have Xcode installed. If you don't have it, try: sudo xcode-select –install

In a terminal execute these commands:
mkdir bash-fix
cd bash-fix
curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf –
cd bash-92/bash-3.2
curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0
cd ..
xcodebuild

Wait until you see "BUILD SUCCEEDED".

Backup your old executables:
sudo cp /bin/bash /bin/bash.old
sudo cp /bin/sh /bin/sh.old

Put the new ones in place:
sudo cp build/Release/bash /bin/bash
sudo cp build/Release/sh /bin/sh

Test it: 
env x='() { :;}; echo vulnerable' bash -c "echo test"

If you're not vulnerable it will output something like this:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
test

If you're vulnerable, it will also output the word "vulnerable"!