Um... the effort I had to take to patch my linux boxes was: Do nothing. (security fixes had been released and installed before I learned of the bug).
The effort I'll have to take to patch my Mac is:
* Download a new bash.
* recompile it
* install it by hand.
(and this is assuming I already have xcode/developer tools installed).
Not quite the same level of effort.
Is the article wildy off topic? Not really - its an article about yet another instance of Apple ignoring security issues, why wouldn't a previous example be relevant?
Is your position that a software vulnerability the only type of security issue? Is your position that ignoring software vulnerabilities is fundamentally a different thing than ignoring other types of security issue? I'm confused by why you are asking.
OS X: Install xcode, install xcodetools (CLI), download bash source code from a mostly-undocumented URL (need to search through apple support forums), download and manually apply patch from GNU. Build bash, manually copy build output into /bin.
That doesn't change the version of bash pointed at by /bin/sh which is a hardlink to the OSX supplied bash. Even if you previously relinked /bin/sh to a homebrew bash, it won't change versions by upgrading the installed bash.
So getting back to shellshock on OSX...
Is there a patch available?
yes.
Does it download via a GUI?
no.
Is it about the same level of effort to patch a OSX box as a GNU/Linux box?
yes.
Does the post go wildly offtopic to address issues (iCloud) that are likely wetware hacks? yes.
Does it recommend carte blanche to not use apple products because their OS is fully patched? yes.