Apple Inc. (NASDAQ:AAPL) Patch Ineffective Against Third Shellshock Vulnerability

Reports about a bug that could threaten Apple Inc. (NASDAQ:AAPL)’s Mac computers surfaced last week. The bug, which is dubbed as Shellshock, is considered very dangerous as it has the ability to allow malicious hackers to gain access to Macs running OS X with a certain configuration. Apple had released a patch to fix this vulnerability but security experts have found out that it does not solve the issue but addresses only part of it.

Shellshock comparable to Heartbleed

The Shellshock bug affects computers running Unix and Linux like Apple Inc. (NASDAQ:AAPL)’s OS X operating system. It works by allowing malicious code to run in the operating system’s command shell, Bash.

The bug could enable hackers to access information stored on the system. Experts tell that the repercussions from the flaw are comparable to the devastating effects of the Heartbleed vulnerability, which was encountered earlier this year, and could also be used to take control of Macs running OS X.

Users running default Mac versions unaffected

Apple Inc. (NASDAQ:AAPL) had said last week that users running their Macs with the default OS X do not have to worry as the system is not exposed to the Shellshock vulnerability, so most of the Mac users can breathe a sigh of relief. The company also added that the vulnerability affects only a small subset of systems which run user configured advanced versions of the operating system.

Three vulnerabilities known as CVE-2014-6271, CVE-2014-7169 and CVE-2014-7186 have been identified as of now. Apple Inc. (NASDAQ:AAPL)’s patch, that was released earlier this week, addresses only the first two. The third vulnerability, also known as the redir_stack bug, was discovered by Greg Wiseman, a security researcher for Rapid7. He reported that this vulnerability has the potential to inhibit a Mac from connecting to the internet or any other local network as a result of a Denial of Service attack.