Snow Leopard is vulnerable and am told more recent versions are too.
The patch for Linux issued today didn’t fix it completely, so there will
be another patch tomorrow.
execute the following:
env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
Apparently, the proper behaviour is:
bash: warning: x: ignoring function definition attempt
On Snow Leopard, I get the vulnerable and this is a test outputted in
separate lines.
Apparently, this enables remote arbritrary command execution.
UPDATE: apparently, the vulnerability has to do with any bash script
that is triggered as a result of some internet service where some data
fed to the bash script gets executed instead of being treated as a
string (or something akin to that).
Will be interesting to see how quickly Apple issues patches for its
current operating systems.