After searching multiple places on how to update bash to avoid Shellsock, this seemed the most straightforward that worked just fine on my Macbook.
Lots of stuff on this Stack Overlflow thread security - How do I recompile Bash to avoid Shellshock (the remote exploit CVE-2014-6271 and CVE-2014-7169)? - Ask Different
This worked just fine for me:
cd ~/tmp mkdir bash-fix cd bash-fix curl https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf - cd bash-92/bash-3.2 curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-052 | patch -p0 curl https://ftp.gnu.org/pub/gnu/bash/bash-3.2-patches/bash32-053 | patch -p0 cd .. sudo xcodebuild sudo cp /bin/bash /bin/bash.old sudo cp /bin/sh /bin/sh.old build/Release/bash --version # GNU bash, version 3.2.53(1)-release build/Release/sh --version # GNU bash, version 3.2.53(1)-release sudo cp build/Release/bash /bin sudo cp build/Release/sh /bin