No fallout from Shellshock Bug
Iowa State Mac users appear to have gotten through the Shellshock Bug, aka Bash Bug, unscathed. The bug poses a security threat to Unix-based systems, such as Macs, and its Sept. 21 discovery sent IT experts around the world and on the ISU campus into full-blown response mode.
Iowa State techs quickly installed patches and workarounds on central systems and monitored networks for attacks.
"We detected and blocked a sizeable number of Internet computers attempting to compromise campus servers," said Andy Weisskopf, information security officer for information technology services.
"We have not yet had a system on campus compromised by this bug," he added. "The campus IT community has done an excellent job getting patches deployed on critical servers as soon as they were available."
Weisskopf said a patch is now available from Apple's website, although Apple isn't pushing it through it's normal update method at this time.
"I would expect it to be included in the next OS update that is released," he said. "Because of the way Apple implemented core services, there is not the same exposure to this vulnerability as exists on other Unix platforms."
Weisskopf said ISU won't be pushing the patch to its clients now, but will do so when the next update is available through Apple's app store.