Have Apple announced whether the "Shellshock" bash update will be applied automatically via the App Store patching mechanism?

Question

As described here, I'm technically vulnerable to the "Shellshock" bug in my shell. I'm running Mavericks.

Apple has released an update to bash that addresses this issue. As per the example test script in the linked question, I'm currently still vulnerable and have no available updates showing up in the App Store.

Has Apple made any announcement, or have any public policy on whether this update will eventually be made available for software update via the App Store?

No - users have to opt in to all updates on OS X. Just run the normal software update process from the Apple Menu and accept the security related fixes. You might have updates notify you periodically (weekly is the default interval to check) but the patches aren't applied, just possibly downloaded and ready to apply. — bmike, Oct 06 '14 at 15:44
The bash update in question is not currently available via the "Software Update" option in the Apple menu (which launches the App Store's 'Updates' tab). This question is about whether it eventually will become available through that channel, rather than about how to apply regular updates. — Adam S, Oct 06 '14 at 15:52
Sure, but a security update related to "developer tools" (used loosely) isn't a unique situation; there's likely past situations from which we can draw comparisons. There may be a technical reason, or there may be an official stance from Apple that I'm unaware of - personally I'm baffled as to why this isn't simply being distributed to all users as part of an OS update. — Adam S, Oct 06 '14 at 16:25
Looking at your question, there really are two questions. 1) Is Apple going to release a patch? - most likely off topic for this site. 2) What Updates have I missed? Needs an edit to explain why you feel you have missed updates and/or editing to remove the other question in the post. — bmike, Oct 06 '14 at 17:01
From the On-topic help page I believe this question is on topic for this site. I'll remove the additional question, as it's a follow-up to the initial one. — Adam S, Oct 06 '14 at 17:23
Please also have a look at http://apple.stackexchange.com/help/dont-ask. Basically the answer to the question (after the edit you've just made) is "Nobody knows because Apple doesn't publish any update/patch strategies" and any other possible answer will not be backed up by facts (at least not until Apple actually releases a fix). — nohillside, Oct 06 '14 at 17:48
Well, that's what I was looking for - "no one knows" is certainly a valid answer. I don't think that makes a question off topic. I'll leave this be, but I believe having an accepted "no one knows" answer is a better contribution to the site than have this closed as being off-topic - I was only able to find speculation in my searches. — Adam S, Oct 06 '14 at 17:56
@AdamS "only able to find speculation " is the point we can openly speculate - the only answer is one from Apple. Us adding to speculation does not help — mmmmmm, Oct 06 '14 at 18:45
@JakeGould I don't see how this is gossipy, panicky or nonsense - it's a legitimate security hole that requires patching. It does beg the question as to why they can't/aren't pushing this through the App Store, but as ascertained in the comments here, "no one except Apple knows". — Adam S, Oct 08 '14 at 12:55
I'm not asking for an opinion. Again, I repeat, "no one knows" is a valid answer that I (and apparently an assortment of upvoters) did not know. — Adam S, Oct 08 '14 at 15:36
I've made further edits to the question, both to suit the answer I received from @patrix and to alleviate any remaining opinion-based concerns. — Adam S, Oct 08 '14 at 18:18

score 2 · Answer 1 · edited Apr 13 '17 at 12:45

Will this update (eventually) be applied automatically via the App Store, or do I have to apply it manually?

As I explain in my answer on the question you link to, Apple has released patches you can download & run yourself. You do not have too compile from source or be deeply technically capable to run them. Just download the one appropriate for your machine, run the installer & that’s it:

And while not directly available via the software update system provided in the App Store, running this patch is one of the simplest Mac OS X patches I have ever run. It takes about a minute of your time, an admin password & there is no need to reboot.

UPDATE: Look, I just saw a pig fly!

Note: Security Update 2014-005 includes the security content of OS X bash Update 1.0

This was indeed extremely trivial to apply manually (and this answer is no doubt useful to anyone reading this), however this doesn't answer the question of whether this patch will come through the App Store or not. — Adam S, Oct 08 '14 at 12:57

score -1 · Accepted Answer · edited Apr 13 '17 at 12:45

-1

There is currently no information on whether this update will appear via the built-in App Store update mechanism - as described by patrix in the comments on the original question:

"Nobody knows because Apple doesn't publish any update/patch strategies, and any other possible answer will not be backed up by facts".

edited Apr 13 '17 at 12:45

Community

1

answered Oct 08 '14 at 13:01

Adam S

153

Have Apple announced whether the "Shellshock" bash update will be applied automatically via the App Store patching mechanism?

2 Answers2