Today's MacInTouch's
Security Reader Report listed several items relevant to various patches of the Shellshock Bash bug:
- There is a report that Apple's patch for Mountain Lion
may not fix all known Shellshock vulnerabilities; by extension, this may also be true for the other Apple patches. Consequently, patches for older Mac OS X versions (e.g., Snow Leopard and Leopard) derived from the Apple patches may be deficient also. This includes Apple's Lion patch used in Topher Kessler's patch description Jon linked to in post 31389.
-
There is yet another update (4.2.28) for the TenFourFox Bash patch I listed above in post 31357. This version claims to cover all currently known vulnerabilities.
- There now is also
a 3rd party installer for this latest TenFourFox Bash patch*.
Since I haven't tried to apply the TFF patch (with or without installer) over a system previously patched with an Apple patch I can't be sure this will work without problems. But as the TFF patch is a complete Bash version replacing the existing one, that should work just as well as replacing older TFF patches (which has been done successfully).
*) This download link has now been superseded by another after a newer TFF patch became available; for details and a new link, see
post 31492.
