Shellshock: What You Should Know about this Security Flaw

shellshock-bug A new security flaw known as “Shellshock” or the “Bash Bug” has been identified. It affects UNIX-based operating systems, which include Linux and Mac OS X (desktops, laptops and servers). It has the potential to let attackers take control of your computer, as well as gain access to data and services in the cloud.

It is important to note that this does not affect Microsoft Windows platforms.

With news sources all abuzz with coverage of Shellshock, Safety Net would like to provide you with some basic information on this flaw. Developed over 25 years ago, Bash is an acronym for Bourne-again shell. It lets users type in text to issue commands to launch programs and features within software. It is typically used by programmers and shouldn’t be open to the wider world, though Shellshock changes that.

A security patch for Shellshock has been issued to address Linux. Apple has not yet announced when a patch will be released for Mac OS X. To further protect any of your potentially affected systems, we recommend that you accept the standard security updates that you are prompted to perform.

For mobile devices, here are some additional details on Shellshock:

  • iOS (iPhones and iPads) do not include Bash and there are no reported apps that include it.
  • Android does not include Bash. However, apps downloaded from online, unsupported (rogue) stores may have Bash included.

Please contact a member of our Support Team if you have additional questions regarding your business or require assistance with performing security updates.