Tutorial on patching the bash vulnerability on Mac OS X

Time:2021-11-27

The recent bash vulnerability has had a wide impact, and even Mac systems are affected. After updating bash on the company's servers, let's now update bash on my own MacBook.

System: Mac OS X 10.9.4

1. To update bash, first install the following components

Install the command line tools
Install Homebrew
Enter the following in the terminal:

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

A dialog will pop up prompting you to install xcode-select.

Homebrew will not be installed until xcode-select has been installed.

2. Update Bash

The default bash version on Mac OS X is 3.2.51. We need to update it to the latest version:

brew install bash
sudo mv /bin/bash /bin/bash3.2.51
sudo ln -s /usr/local/bin/bash /bin/bash
bash --version
GNU bash, version 4.3.27(1)-release (x86_64-apple-darwin13.4.0)

PS: 4.3.27 is the latest version

Then remove execute permission from the backed-up old bash so that it can no longer be run:

sudo chmod a-x /bin/bash3.2.51

3. Verification


env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the only output is
this is a test
then the vulnerability above has been fixed.

env X='() { (a)=>\' sh -c "echo date"; cat echo

If only the word date is printed and no actual date and time appear, the second vulnerability has also been fixed. A bash that was patched by hand using the manual patches circulating on the Internet will not pass this check.

If the two checks above show no problems, you can try a third one. Some people say it displays something and some say it does not; in any case, it displays nothing here for me:

env ls='() { echo vulnerable; }' bash -c ls

If vulnerable is not displayed, this vulnerability does not affect your machine.
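
The three checks above can be run against each shell path separately, which is useful because the second check on the page invokes sh rather than bash. This is an added example, not part of the original tutorial; the function name check_shell and the scratch-directory handling are assumptions of the example, and the paths in the loop are the ones used in step 2.

```shell
#!/bin/sh
# Added example (not from the original tutorial): run the page's three
# checks against a single shell binary, given as an absolute path.
# Prints "ok", "vulnerable:<check number>" or "not-executable".
check_shell() {
    shell=$1
    if [ ! -x "$shell" ]; then
        echo "not-executable"
        return 0
    fi
    # Work in a scratch directory: check 2 creates a file named "echo"
    # in the current directory when the shell is vulnerable.
    work=$(mktemp -d "${TMPDIR:-/tmp}/bashcheck.XXXXXX") || { echo "error"; return 0; }
    result=ok

    # Check 1: text after the function body must not be executed.
    out=$(cd "$work" && env x='() { :;}; echo vulnerable' \
        "$shell" -c 'echo this is a test' 2>/dev/null) || true
    if [ "$out" != "this is a test" ]; then
        result=vulnerable:1
    fi

    # Check 2: a vulnerable shell runs "date" and redirects it to ./echo.
    (cd "$work" && env X='() { (a)=>\' "$shell" -c 'echo date' \
        >/dev/null 2>&1) || true
    if [ "$result" = ok ] && [ -e "$work/echo" ]; then
        result=vulnerable:2
    fi
    rm -f "$work/echo"

    # Check 3: a variable named "ls" must not be imported as a function.
    out=$(cd "$work" && env ls='() { echo vulnerable; }' \
        "$shell" -c ls 2>/dev/null) || true
    if [ "$result" = ok ] && [ "$out" = "vulnerable" ]; then
        result=vulnerable:3
    fi

    rm -rf "$work"
    echo "$result"
}

# Paths from the tutorial; the renamed backup should be not-executable.
for s in /bin/bash /bin/sh /bin/bash3.2.51; do
    printf '%s: %s\n' "$s" "$(check_shell "$s")"
done
```

A path that still reports vulnerable after step 2 is a binary the update did not replace.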

After the repairs above, you can safely get on with other things for the time being.