2

Seems to me that there is a need to remain online, esp. for business users and that even when this is corrected, there will be a need to go back online to get the Apple patch. e.g. Is removing bash a viable workaround to remain secure for the moment.

  • Duplicate question: http://security.stackexchange.com/a/68204/52676 You'll have to be online at some point to patch your system. Unless you already have the bash source code and compile a patch yourself. – RoraΖ Sep 25 '14 at 18:26
  • 3
    No this question is intended to ask about any possible workarounds that could mitigate the risks, not necessarily how to patch bash. I'll update my question to clarify. – Bradley Thomas Sep 25 '14 at 18:54

3 Answers3

2

Business users can mitigate their risk using their perimeter IPS protection (or palo alto nextgen firewalls) for CVE-2014-6271 but need to wait for released protection on the related CVE-2014-7219 over the next 24 hours.

Source (in my case palo alto): https://securityadvisories.paloaltonetworks.com/

Kamic
  • 693
  • 2
  • 5
  • 20
0

Here ia a basic set of pretty simple rules for an end user:

Are Macs vulnerable to the Bash shellshock bug?.

The purpose is to remove any remote access to a shell, may it be directly /bin/bash or any other shell which may let switch to /bin/bash and use it to escalate priviledge.

dan
  • 3,043
  • 14
  • 35
0

The patch for the bug is available here:

Apple bash bug patch

It is possible to Airdrop connect to another device, transfer the patch DMG from that device and then install the patch - all without connecting the target machine to the internet.