Yes, recent versions of Mac OS X are vulnerable to the critical “Shellshock” Bash bug revealed earlier this week, including OS X Mavericks—but don’t sweat it unless you’re doing ninja-level Unix tricks with shell commands already.
That comes straight from Apple, which provided iMore with the following comment on the Shellshock bug:
“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
If you’re one of those advanced Unix users, check out this StackExchange thread for instructions on how to recompile Bash with Xcode to squash the bug. That’s a highly technical fix, however, and you should just wait for the official OS X patch if you’re not comfortable mucking around in the Terminal command line.
Check out Macworld’s guide to keeping your home computer safe from Shellshock for more info, including details about home networking gear that might also be vulnerable to the Bash bug.