Sitting on your phone is not. I'm sure many of the electronics I have, like my PSP for example, will break if i sit on them.

News flash: as the proportion of electronics volume to phone volume go up, the chassis goes down. Eventually, we reach a point where we need to decide how much force is necessary for a phone to withstand. Time will tell whether this force is enough. If the 9 reports of bent phones are to be believed, out of 10 million plus sales (first weekend) that is not so bad.

even if they are under-reporting by 99%, you're still talking ~1000 or so people. Which out of 10 million in the first weekend of sales is not bad.

Sure. In theory. If we're going to talk reality, i have far less problems with OS X than i do with Linux in the first place.

Unless you wrote your own compiler from machine code, you are still trusting the people who wrote your compiler. You are also trusting the people who wrote the microcode in your CPU. You are trusting third parties irrespective of whether or not you are running open source, and as demonstrated by the leaked NSA docs, there are bugs available for your hard drive firmware that you will never find.

IN short: you're boned and trusting third parties irrespective of how open your OS is - unless all of your hardware is open, all of the firmware for your hardware is open, and you have personally audited all of it.

Correct. For this to be exploited, bash needs to be spawned by an internet facing service and pass environmental variables into a bash shell. Nothing on OS X does this by default. OS X does not run the open source dhcpd, and is thus not exploitable via dhcpd, and does not run apache unless manually enabled, and manually configured to run mod_cgi. Remote ssh is also not enabled on the mac by default.

Far more vulnerable is Linux which runs dhcpd on any machine with a non-static IP, through which bash is exploitable.

But hey, let's make out that OS X is worse off than Linux in this case.

bash is not part of FreeBSD.

I suspect the only reason apple currently uses bash as the default shell (it used to be plain sh from memory or csh) is that it makes it friendly to Linux users.

The amount of GPL code in OS X userland is exceedingly minimal. Most of it is from FreeBSD.

So you are just writing off their contributions to webkit, CUPS, zeroconf, gcd, llvm, etc. Things that other operating systems and applications can and do benefit from?

Apple deprecated Java entirely and suggested that you obtain it from Oracle, but thanks for playing.

Well.... not really. All i've had to do is ensure I am not running apache or open ssh on my macs. I'm not. Meanwhile anyone running Linux with dhcpd is vulnerable until they fix bash. On my FreeBSD servers I just uninstalled bash. Job done. This bug was fixed in sh about 30 years ago apparently according to twitter.

Linux also uses bash in place of sh in most distributions. Linux also uses a dhcp daemon which is vulnerable to being used to exploit this bash bug. OS X does not.

The only people who are going to get butt-hurt over this are a tiny fraction of Linux users who represent a tiny fraction of a tiny fraction of the GPU market.

You know WHY people implement code signing, right?