OS X bash Update 1.0 is now available and addresses the following:
Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: In certain configurations, a remote attacker may be able to execute arbitrary shell commands
Description: An issue existed in Bash’s parsing of environment variables. This issue was addressed through improved environment variable parsing by better detecting the end of the function statement.
This update also incorporated the suggested CVE-2014-7169 change, which resets the parser state.
In addition, this update added a new namespace for exported functions by creating a function decorator to prevent unintended header passthrough to Bash. The names of all environment variables that introduce function definitions are required to have a prefix “__BASH_FUNC<” and suffix “>()” to prevent unintended function passing via HTTP headers.
OS X bash Update 1.0 may be obtained from the following webpages:
http://support.apple.com/kb/DL1767 – OS X Lion
http://support.apple.com/kb/DL1768 – OS X Mountain Lion
http://support.apple.com/kb/DL1769 – OS X Mavericks
To check that bash has been updated:
* Open Terminal
* Execute this command:
* The version after applying this update will be:
OS X Mavericks: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
OS X Mountain Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
OS X Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This was a first. I just rebooted the OSX server to free up the Time Machine volume – after getting the ubiquitous “volume is in use error”.
When Time Machine on my Mac next ran, I got this weird error “The network backup disk does not support the required AFP features”. This was the first time that I’ve seen this error. I googled around for the error, and even on the Drobo web site. I didn’t get any useful information… so I logged onto the server to look for errors.
There were no messages in the Server app’s Alerts pane. There was nothing unusual in the Drobo Dashboard. However I did notice that Time Machine was switched to “off”. WTF? A service on the OSX service that was NOT running after a reboot? Perish the thought! (I reboot my servers about once or twice a year. A properly running Unix server should never “need” a reboot.)
So I turned Time Machine back “On” in the Server’s app. There were no existing Time Machine volumes set up in the pane. So I had to direct the Time Machine back to the folder that I had set up on the Drobo to store the backups. Very strange indeed.
When the backup tried to run on the Mac again, I had to go into the Time Machine preferences and choose “Add or Remove Disk” to reconnect the back up. It’s running once again…
This is why I also use Background Backup to backup all my Macs. I never have issues with that service. You get what you pay for.
If are annoyed by web sites offering to send you Notifications, the last thing you need is more distractions. Notifications were a pain on iOS and now that pain is available on OSX.
To turn of the near constant offers, go to Safari Preferences and uncheck the option for web sites to ask
The SSL Security Update 2014-001 1.0 is ready for installation:
If you’re using Mavericks, Mountain Lion or Lion (10.9, 10.8 or 10.7) you can use the App Store Mac app to install. Click on Updates.
Here are the direct links to the updates:
Lion (10.7) Security Update 2014-001 1.0
Mountain Lion (10.8) Security Update 2014-001 1.0
Mavericks (10.9.2) Update 10.9.2
Apple has announced the dates for WWDC 2013. The conference will take place June 10-14, in San Francisco. It will offer new insights on future versions of iOS and OSX.
To buy a ticket, you must be a member of the iOS Developer Program, iOS Developer Enterprise Program, or the Mac Developer Program as of the announcement of WWDC (5:30 a.m. PDT, April 24, 2013) and at the time of your ticket purchase. Developers between 13 and 17 years of age must have their ticket purchased by their parent or guardian who is an eligible member.
Ticket purchases are limited to one (1) per person and five (5) per organization. The same credit card may be used up to five (5) times to purchase all of the tickets for your organization. However, each team member must sign in with their own Apple ID and purchase their own ticket.
So now we can set our calendars and stop taking our iPhones to bed.