Bash Bug vulnerability affects most Unix installs, including OS X

There’s a new vulnerability that impacts most Unix installs, including many embedded systems (devices that run Unix but don’t expose the OS interface) as well as OS X, the operating system at the heart of all modern Macs.

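The issue is a flaw in how the Bash shell handles variables passed to it in the environment: a value that begins like a function definition can carry extra commands after it, and a vulnerable Bash runs those commands as soon as it starts. To see this weakness in action, launch Terminal (it’s in Applications > Utilities) and type this line at the command prompt: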

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you are like most users, you’ll see this response when you hit return:

vulnerable
this is a test

This will impact anyone who exposes the Bash shell remotely, whether they do it themselves (to allow remote SSH connections, for example) or, more importantly, run an app that allows this to happen.
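The one-line test above, wrapped so it can be run against each shell binary on a machine rather than only the default one. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the system lists its shells in /etc/shells.

```sh
#!/bin/sh
# Added example: apply the article's test to every Bash-like shell listed.

# Decide from the test's output whether the marker line was printed.
# A fixed shell prints only "this is a test"; a flawed one prints
# "vulnerable" first, because it ran the text after the function body.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo "vulnerable"
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo "not vulnerable"
    else
        echo "inconclusive"
    fi
}

# Run the article's test against one shell binary (path in $1).
check_shell() {
    if [ ! -x "$1" ]; then
        echo "missing"
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' \
        2>/dev/null </dev/null) || true
    classify_output "$out"
}

# Check each bash/sh entry in a shells list (default: /etc/shells).
# sh is included because on some systems it is Bash under another name.
check_all() {
    list=${1:-/etc/shells}
    [ -r "$list" ] || return 0
    grep '^/' "$list" | while read -r shell; do
        case "${shell##*/}" in
            bash|rbash|sh) printf '%s: %s\n' "$shell" "$(check_shell "$shell")" ;;
        esac
    done
}

check_all "$@"
```

Any entry reported as vulnerable needs the vendor's Bash update; rerun the script afterwards to confirm the marker line is gone.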

Bottom line, I suspect Apple is working on a patch to solve this and we’ll see a fix in the next OS X update. You can read all about this in the Red Hat blog post.