Still showing as vulnerable even after that:

    ~$ echo $BASH_VERSION
    4.3.25(1)-release
    ~$ curl -s https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck | bash
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    Not vulnerable to CVE-2014-6271 (original shellshock)
    Vulnerable to CVE-2014-7169 (taviso bug)
    bash: line 18:  1339 Segmentation fault: 11  bash -c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
    Vulnerable to CVE-2014-7186 (redir_stack bug)
    Test for CVE-2014-7187 not reliable without address sanitizer
    Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)

And fwiw even before install new bash via homebrew I had also followed these instructions:

http://apple.stackexchange.com/questions/146849/how-do-i-rec...

Don't forget to change your PATH so brew-installed things come before other things.

Brew installs bash at `/usr/local/bin/`.

That doesn't solve the problem of scripts that begin with #!/bin/bash

This still keeps the system version around at /bin/bash