Almost all variants of Unix use a Bash shell, including OS X. In late September 2014 a security vulnerability with Bash was discovered, nicknamed Shellshock by the support community.
All versions of Mac OS X prior to Yosemite are potentially susceptible to the Shellshock, however to be at risk the Mac would need to be customized with advanced Unix services utilizing tools like: Xcode, Homebrew, MacPorts, or MAMP. This excludes 99.5% of all Macs.
A week after Shellshock was discovered, Apple released Bash Updates for OS X 10.7, 10.8, and 10.9. These updates do not show when running a Software Update, and require manual download and installation. http://support.apple.com/en-us/HT201393
I have developed a custom Kaseya script to patch Bash on all Macs running OS X 10.4-10.9 (both Intel and PowerPC) in the Chicago All Covered market, meaning all Mac workstations and servers under ACC at Chicago clients are fully protected from the Shellshock vulnerability.