Seems to me that there is a need to remain online, esp. for business users and that even when this is corrected, there will be a need to go back online to get the Apple patch. e.g. Is removing bash a viable workaround to remain secure for the moment.
Asked
Active
Viewed 278 times
2
-
Duplicate question: http://security.stackexchange.com/a/68204/52676 You'll have to be online at some point to patch your system. Unless you already have the bash source code and compile a patch yourself. – RoraΖ Sep 25 '14 at 18:26
-
3No this question is intended to ask about any possible workarounds that could mitigate the risks, not necessarily how to patch bash. I'll update my question to clarify. – Bradley Thomas Sep 25 '14 at 18:54
3 Answers
2
Business users can mitigate their risk using their perimeter IPS protection (or palo alto nextgen firewalls) for CVE-2014-6271 but need to wait for released protection on the related CVE-2014-7219 over the next 24 hours.
Source (in my case palo alto): https://securityadvisories.paloaltonetworks.com/
Kamic
- 693
- 2
- 5
- 20
0
Here ia a basic set of pretty simple rules for an end user:
Are Macs vulnerable to the Bash shellshock bug?.
The purpose is to remove any remote access to a shell, may it be directly /bin/bash or any other shell which may let switch to /bin/bash and use it to escalate priviledge.
0
The patch for the bug is available here:
It is possible to Airdrop connect to another device, transfer the patch DMG from that device and then install the patch - all without connecting the target machine to the internet.
Bradley Thomas
- 175
- 5