According to Tom’s guide – the patch to Shellshock for MacOS, may not fully patch the vulnerability.
“It seems that the updated version of Bash may still be vulnerable” to at least one other flaw, Rapid7’s Greg Wiseman wrote in a company blog posting yesterday (Sept. 30).
…
It’s not entirely Apple’s fault that its OS X patch is inadequate. The discovery of Shellshock has put the 25-year-old Bash shell under more scrutiny than ever before, and bug hunters have been finding new Bash flaws nearly every day. Linux developers have been playing whack-a-mole, issuing patches as rapidly as new flaws are found; Apple has been less quick to respond, insisting initially that Macs were not vulnerable, then issuing a patch days later
Many linux distributions are still rushing to patch the ever growing number of bugs in the bash shell – not just Apple.