For whatever reason Apple chose, the bash update is not applied via Software Update; you're seeing known behavior. It's only getting updated if you apply the package from your link below.
Those of us who manage many Macs are importing the package to our management tools and deploying it like any other package.

From: "Edward Ned Harvey (lopser)" <lop...@nedharvey.com>
Date: Wednesday, October 1, 2014 at 11:33 AM
To: LOPSA Technical Discussions <t...@lopsa.org>
Subject: [lopsa-tech] Has anyone bothered to test vulnerability before & after updating bash?

On each machine that I update, I first run the "env=blahblah" test, see that it's vulnerable, and then update, and then repeat the test to confirm it's no longer vulnerable.

The patch on Mac seems to not work. All the other systems - Linux - after updating are fine. But vulnerability persists after applying all OS X updates. In Software Updates, I click "Update" and it says "Checking for updates..." and then "No updates available." I confirm "Command Line Tools" was updated yesterday. I've even rebooted since then.

The vulnerable version of bash on Mac is 3.2.51, and patched is 3.2.53. I confirmed after fully updating via Software Update and rebooting, I'm still at 3.2.51. After manually applying the update from http://support.apple.com/kb/DL1769, the vulnerability goes away, and I'm at 3.2.53.

So far I've only observed this on one Mac. But I'm getting my hands on more systems to test more.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
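
The before/after check described in the thread, as an added example that is not part of either message: it reports the bash version next to a behavioural probe, so a machine that Software Update left at 3.2.51 shows up. The function names are hypothetical, and the probe is assumed to be the widely published environment-function test the poster calls the "env=blahblah" test.

```shell
#!/bin/sh
# Added example (not from the thread): verify a bash update by version AND behaviour.
PATCHED="3.2.53"   # patched OS X bash version, as stated in the thread

# Return 0 if dotted version $1 is strictly older than $2 (numeric compare per field).
version_lt() {
    if [ "$1" = "$2" ]; then return 1; fi
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# Print major.minor.patch of the bash binary at $1.
bash_version() {
    "$1" -c 'echo "${BASH_VERSINFO[0]}.${BASH_VERSINFO[1]}.${BASH_VERSINFO[2]}"'
}

# Behavioural probe: return 0 if the shell at $1 executes text that trails a
# function definition in an environment variable (only a harmless marker is echoed).
probe_vulnerable() {
    out=$(env x='() { :;}; echo VULNERABLE' "$1" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *VULNERABLE*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on one shell binary. Exit status: 0 OK, 1 probe fired, 2 old version only.
check_bash() {
    shell=${1:-/bin/bash}
    ver=$(bash_version "$shell")
    if probe_vulnerable "$shell"; then
        echo "$shell $ver: VULNERABLE (probe fired)"
        return 1
    elif version_lt "$ver" "$PATCHED"; then
        echo "$shell $ver: probe clean, but older than $PATCHED"
        return 2
    fi
    echo "$shell $ver: OK"
    return 0
}

# Run against the path given on the command line, if any.
if [ "$#" -gt 0 ]; then check_bash "$1"; fi
```

Run it with the shell path as the argument (for example /bin/bash) before and after deploying the package; on OS X /bin/sh is a separate binary and is worth checking the same way.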