When the Shellshock vulnerability was disclosed on Wednesday, nearly all of the Linux/UNIX distributions released fixes intended to correct the problem. However, researchers quickly determined that those fixes were incomplete, leaving patched systems exposed to variations on the original attack vector.
This led to the publication of four additional CVE advisories (CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, and CVE-2014-6277). Administrators and system operators are encouraged to update GNU Bash with all of the latest fixes and to apply additional patches as they are released. So far, there have been three updates to GNU Bash since the problem was publicly disclosed.
Finally, Apple addressed Shellshock in a statement this weekend, noting that a "vast majority" of OS X users were not at risk because OS X systems were "safe by default and not exposed to remote exploits of [GNU Bash] unless users configure advanced UNIX services."
For those with advanced services enabled, Apple is working on an update.