Apple's Shellshock Fix Is Incomplete

Oh, boy! Picking on Apple is becoming pretty tiresome, but recently there are just so many reasons to do so. Researchers say that the security patch which the Cupertino based company released yesterday leaves a known Shellshock vulnerability open to attacks.

I think that by now you are petty fed up with hearing about the latest major threat in the computer world which the media refers to as Shellshock. In truth, we all would want for this bash exploit to simply become a thing of the past, but it seems to be easier said than done.

In an attempt to keep its customers safe, Apple released on Tuesday a security patch design to neutralize the Shellshock threats for its Mavericks, Lion and Mountain Lion OS X products. Unfortunately for the company and for its users, researchers have discovered that update doesn't cover all the exploits and it leaves Mac computers vulnerable to attacks. A possible vulnerability codenamed CVE-2014-7186 is still left unchecked and hackers could exploit it using Denial of Service attacks which will stop the computer from connecting to the Internet or other networks.

Normally, I would be the first to rant about Apple's botched patch, but I sincerely don't think that this is the case. The company's answer to the threat needed to be pretty fast and the lack of time probably led to a partial solution instead of a complete one. Even if the fix is incomplete, it still takes out two out of three vulnerabilities and that still makes your computer safer than it was before. Furthermore, in this kind of cases it is better for users to act as quickly as possible so if the IT giant would have said from the get go that the patch partially solves the problem, many customers might have been lackadaisical to bother installing it.

Hopefully, a complete fix will be soon released. To find out more about the CVE-2014-7186 threat you can check this link.

Comments