During the afternoon on September 24, an actively exploited BASH vulnerability was identified on Unix systems.  The following systems have been identified as vulnerable.

RedHat Enterprise Linux (version 4-7) – bash is the default shell for RedHat enterprise systems

CentOS – versions 5-7 – http://lists.centos.org/pipermail/centos/2014-September/146099.html

Ubuntu – versions 10.04LTS, 12.04LTS, and 14.04LTS – http://www.ubuntu.com/usn/usn-2362-1/

Debian – https://lists.debian.org/debian-security-announce/2014/msg00220.html

As of Thursday, September 25,  Apple has not released a security update for this condition. When it is available, it will likely be posted on the following URL – http://support.apple.com/kb/HT1222

This content will be updated as soon as additional information is available.

Update September 30, 9:00 a.m.

Apple has provided a patch for the BASH vulnerability on OS-X. Please see the following URLs for specific download files.

http://support.apple.com/kb/DL1767

http://support.apple.com/kb/DL1768

http://support.apple.com/kb/DL1769