During the afternoon on September 24, an actively exploited BASH vulnerability was identified on Unix systems. The following systems have been identified as vulnerable.
RedHat Enterprise Linux (version 4-7) – bash is the default shell for RedHat enterprise systems
CentOS – versions 5-7 – http://lists.centos.org/pipermail/centos/2014-September/146099.html
Ubuntu – versions 10.04LTS, 12.04LTS, and 14.04LTS – http://www.ubuntu.com/usn/usn-2362-1/
Debian – https://lists.debian.org/debian-security-announce/2014/msg00220.html
As of Thursday, September 25, Apple has not released a security update for this condition. When it is available, it will likely be posted on the following URL – http://support.apple.com/kb/HT1222
This content will be updated as soon as additional information is available.
Update September 30, 9:00 a.m.
Apple has provided a patch for the BASH vulnerability on OS-X. Please see the following URLs for specific download files.
http://support.apple.com/kb/DL1767
http://support.apple.com/kb/DL1768
http://support.apple.com/kb/DL1769