Apple has released security update OS X Bash Update 1.0.
The patch is available as three separate downloads for OS X Mavericks 10.9.5, OS X Mountain Lion, and OS X Lion. A patch for OS X Yosemite Public Beta and Developer Preview releases are not yet available.
The download is very small, around 3.5MB.
More information at OS X Daily: http://osxdaily.com/2014/09/29/os-x-bash-update-1-0-shellshock-patch/
This advisory just came out from Mark Maunder of Wordfence Security plug in:
A serious vulnerability in the bash shell has been disclosed. Bash will execute any trailing code after a function definition contained in an environment variable.
If you manage a Linux WordPress server, an update for Bash has been released today for most major Linux distributions. Update immediately. If you don’t run a server but are using a hosting provider it’s likely your host is aware of this issue already and has already upgraded their systems to protect you.
For more information please visit the Wordfence blog where I’ve included details of the vulnerability, how to test if you’re vulnerable, how to fix the issue and some details on how it works.
More information at: http://www.wordfence.com/blog/2014/09/major-bash-vulnerability-disclosed-may-affect-a-large-number-of-websites-and-web-apps/