[dustingetz]

I have a macbookpro which is my developer workstation. It is in a default configuration, it is on 12 hours a day, always behind a NAT. What do I need to do to protect myself?

[ProCynic]

update bash (https://apple.stackexchange.com/questions/146849/how-do-i-re...) or switch to a different system default shell until bash is updated.

[maldeh]

Keep in mind that /bin/sh is bash on OS X. So if you have any scripts with the #!/bin/sh preamble you'll have to replace the default sh too.

[bodyfour]

Just apply the security updates as they arrive from Apple. The highest-risk activities like running a webserver hosting CGI scripts isn't likely to apply to you. I can't say for certain nobody will find a clever client-side attack for OS/X but right now you don't need to join in the panic that many sysadmins are (rightly) feeling today.

[ams6110]

Are you running any remotely-accessible services? If not, I'd just wait for the next OSX update from Apple.