Shellshock
Shellshock, also known as bashdoor, is a classification of security vulnerabilities in the bash command-line shell that are the result of a software bug. The developers of bash were initially notified of the vulnerabilities in September 2014. Additional vulnerabilities were discovered in the following weeks, after close scrutiny by employees of Google and Red Hat. The danger stems from the way bash handles a user's environment variables, and the fact that bash can execute a new instance of itself.
How to test if your system is vulnerable
Bash is the default shell in macOS and most versions of Linux. If your system is up-to-date, the vulnerability should already be patched. You can test if your system is vulnerable by opening a terminal and running the following command.
env x='() { :;}; echo VULNERABLE' bash -c "echo This was a test."
If this command returns the following text, then your system is safe.
bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' This was a test.
However, if the command returns the following, then your system is not safe.
VULNERABLE This was a test.
This text indicates that the system is not patched, and should be updated immediately.
How to patch your system
macOS
On macOS systems, open the Apple menu in the upper-left corner in your screen, and select About This Mac. In the dialog box that appears, select Software Update. The system checks to see if you require any updates and guide you through their installation.
Alternatively, you can visit Apple's website to manually download a patch for the vulnerability.
Ubuntu, Debian, and Debian-based Linux
On Linux operating systems that use the APT (advanced packaging tool) package manager, such as Ubuntu and Debian, you can update bash with the following command.
sudo apt-get update && sudo apt-get install --only-upgrade bash
Running this command updates your package database with the most up-to-date information, and then installs the newest version of bash.
CentOS Linux
If you are using CentOS, you can update your bash installation using the yum package manager.
sudo yum update bash
Fedora
On Fedora systems, the yum command is slightly different. Use this command to update bash.
sudo yum -y install bash
Arch Linux
Under Arch Linux, you can use the pacman package manager to update bash, with this command.
sudo pacman -Syu
Other operating systems
If you're using another operating system, your update method will vary. We recommend you check your operating system's website for precise instructions and update your system as soon as possible.