On Monday, Apple released three updates to fix two bugs in the software called Shellshock. But after additional testing, experts say Apple’s patches aren’t complete. OS X users are still vulnerable to CVE-2014-7186, which enables remote attackers to cause Denial of Service conditions or execute commands within the context of an affected application. Those who have enabled advanced UNIX settings, such as users in the technology sector, or those with a certain degree of technical confidence, were exposed.”]
Source: https://www.csoonline.com/article/2689410/apples-shellshock-patch-is-incomplete-experts-say.html