Does the bug in Bash affect Android or iOS mobile systems?
Asked
Active
Viewed 6,736 times
11
-
1I ran the official test-script `env x='(){ :;}; echo vulnerable' bash -c "this is a test"` via the app ScriptManager on my Sony XPERIA, it told me `env is not defined`. So i guess no; but still no proof. – marstato Sep 25 '14 at 20:00
-
1Note that the error you get only indicates that there is no method called `env` for modifying the environment of your shell called ScriptManager, not that no application on your system relies on Bash and can incidentally or voluntarily let untrusted principals enter commands with a custom environment. – Steve Dodier-Lazaro Sep 25 '14 at 21:31
-
I believe jailbroken iOS devices can be affected. For instance, the [Cydia app store](https://cydia.saurik.com/) for jailbroken devices installs Bash and other BSD utilities (reference needed). However since you already disable all of the system safeguards and run untrusted software when jailbreaking or rooting, there are other entry points for malware that you already need to take into account. – Sep 25 '14 at 19:38
3 Answers
7
Not out-of-the-box. I know of no Android or iOS device running a bash shell. Some people might, on their rooted devices, but that will be only a few.
Thomas Stets
- 195
- 7
-
Isn't /bin/sh based on bash and contain the vulnerability? Because /bin/sh exists on Android. – RoraΖ Sep 26 '14 at 14:20
-
2@raz `/bin/sh` is not necessarily the same as bash (though it can be an alias for bash in some cases). In the case of Android, it almost certainly isn't. – Ajedi32 Sep 26 '14 at 18:59
3
I have run the official test script on my Samsung Galaxy Tab 10.1 and it indicates it is vulnerable. This device was just out of the box and has not been rooted.
Xander
- 35,525
- 27
- 113
- 141
Geoff Paton
- 31
- 1