Shellshock, The Latest Mac OS X and Linux Vulnerability


By Michelle Drolet

Founder & CEO


By: Solange_Desc1
Security researchers have discovered a new software bug known as the “Bash Bug” or “Shellshock,” or, to the more technically inclined, the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271). This bug, more correctly termed a vulnerability, potentially allows attackers to gain control over targeted computers.
The bug is present in a piece of computer software called Bash, which is typically found on computers running Linux or Unix, operating systems that come in many variations. These operating systems are generally used to power server computers, such as the ones that many of the world’s websites run on. Also impacted are all Apple Mac computers that run Apple’s operating system, OS X. Computers running Microsoft Windows are not impacted by this vulnerability directly, but could be at risk if web servers are compromised.

Who Is Likely To Be Targeted By This Bug?

There are three likely targets:

  • We believe the primary target for this vulnerability is public-facing web servers that have not yet been patched.
  • Any computer running Apple’s Mac OS X, whether a server or your personal computer or laptop, is also vulnerable to attack if it has not been patched. Note that this bug does not affect computers running Microsoft Windows. They don’t run Bash.
  • Many routers and other Internet-connected devices that are running a variation of Linux or Unix.

So, What Is Bash?

Bash is a piece of software that is used to translate commands that a user types into actions that a computer can understand. In the early days of computing it was more common for users to directly enter commands; today, point-and-click user interfaces hide all of this. However, many websites use scripts that contain a collection of such commands to automate interaction with the underlying computer. On a Unix or Linux computer, if you have ever typed commands into a window that has a prompt that looks like this, then you are likely talking to Bash.
The Bash bug allows an attacker to bypass regular security controls and insert additional unauthorized commands, which could, in turn, allow the attacker to steal data or gain control over the web server computer or other device.

The Good News: It Hasn’t Been Widely Exploited…Yet

So far, there is no significant evidence that shows that this bug has been exploited in the wild. However, now that researchers have brought this vulnerability to light, cyber criminals may see this as their chance to take advantage of it. Now it’s up to software companies to quickly create and implement patches and updates, before hackers can reap their unscrupulous rewards.

Am I Affected By Shellshock?

We believe web servers are the likely main targets for attack, and it is likely that website owners are working quickly to patch their computers to guard against attack. Unfortunately, there is no easy way to tell which websites may have been attacked, so as a general precautionary measure we recommend keeping an eye out for suspicious activity on the accounts you keep online, and periodically changing important passwords, like those to your email accounts, financial accounts and social networks.
Business owners that have professional websites should apply any available patches immediately.
If you’re a Windows user, your personal device is not vulnerable to this bug. Still, if a web server that runs on Linux has been compromised, and it holds your personal information, you may still be affected. If your personal device or computer runs on Linux or Unix (Mac OS), you may be susceptible, particularly if you are running an unpatched version of Linux or Mac OS.
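For administrators who want to confirm that a Linux, Unix or Mac system has actually received the fix, the following is an added example (not part of the original article): a local check that reports whether a given Bash binary still runs code placed after a function definition in an environment variable, which is the behaviour behind CVE-2014-6271. The function name `shellshock_status` and the marker string are assumptions made for this example.

```shell
#!/bin/sh
# Added example: local check for the Shellshock flaw (CVE-2014-6271).
# Vulnerable Bash builds import function definitions from environment
# variables and also run whatever follows the function body.

# Prints one of: vulnerable | patched | not-found
shellshock_status() {
    bash_path=$1
    marker=SHELLSHOCK_PROBE_RAN   # constructed marker; the probe only echoes it

    if [ -z "$bash_path" ] || [ ! -x "$bash_path" ]; then
        echo "not-found"
        return 0
    fi

    # The variable "probe" holds a function definition followed by an echo.
    # A patched Bash ignores it; a vulnerable Bash runs the echo at startup.
    out=$(env "probe=() { :;}; echo $marker" "$bash_path" -c ':' 2>/dev/null)

    case $out in
        *"$marker"*) echo "vulnerable" ;;
        *)           echo "patched" ;;
    esac
}

# Check the Bash found on PATH, or the binary given as the first argument.
target=${1:-$(command -v bash 2>/dev/null)}
echo "bash (${target:-none}): $(shellshock_status "$target")"
```

A "patched" result covers only this one check; also confirm the installed Bash package against your vendor's advisory.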

What Precautions Should I Take To Defend Against Shellshock?

While the vast majority of the responsibility for thwarting cyber criminals from exploiting this bug lies with software companies and website owners, it is extremely important to make sure that all of your software remains up-to-date, as updates often contain security patches that will help keep your data secure.
Here are a few things that consumers can do to stay protected:

For all users:

  • We recommend keeping an eye on all accounts on which you store personal information for signs of unusual activity that may indicate that your account has been compromised.
  • Consider changing important passwords, like those to your email account, social networking sites, and financial accounts. Can’t think of a unique password? For important financial websites, enable 2-factor authentication.
  • Apply any available patches to routers, or any other web-enabled devices in your home, as soon as they become available. Remember though to only download patches and software from reputable sites and keep in mind that scammers will likely try to take advantage of Shellshock reports, so be sure to watch out for spam emails and suspicious links that tell you to download software.
  • Keep an eye out for updates from Apple and be sure to apply available patches.

Remember, Microsoft Windows computers are not susceptible to attack using this vulnerability.