Upgrade Bash via Homebrew for OS X
As this was posted, Apple had not yet released a security patch to update the version of Bash so lets look at upgrading Bash via Homebrew instead.
Homebrew is a package manager, similar to apt or yum, which allows Mac users to install open-source packages from the command line. To install, paste this line into your Terminal.
ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Then, run:
brew doctor brew update
And type:
brew install bash sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells' chsh -s /usr/local/bin/bash sudo mv /bin/bash /bin/bash-backup sudo ln -s /usr/local/bin/bash /bin/bash which bash bash --version
You will need to restart your Terminal/iTerm and confirm the version:
exit which bash bash --version
If desired change the rights of the moved backup file:
sudo chmod a-x /bin/bash-backup
Don’t forget to run the test code to confirm your Bash is patched.
[Exploit 1] [Exploit 2] [Exploit 3]
Update 09/29/2014: If you didn’t patch the bug manually, you can download and install Apple’s patch for OS X Mavericks here.
Update 09/30/2014: he updates are available for the other OS X versions:
The version after applying this update will be:
- OS X Mavericks: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
- OS X Mountain Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
- OS X Lion: GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)