What you should know about the Shellshock bug

This page contains information about the Shellshock software bug that affects Android, OSX, iOS, Windows, Linux, and others. What is Shellshock and what can you do about it?

What is Shellshock?

What is ShellshockShellshock (also known as Bashdoor) is a software bug discovered by Stéphane Chazelas on September 12, 20014 that affects the Unix Bash shell. Unix Bash shell is the common command-line shell that is actively used in Linux/UNIX OS, Apple Mac OS X (since 10.3), and BSD. It is used to control specific programs.

By September 25, 2014 botnets based on computers affected with the Shellshock bug were being used by cyber attackers to perform denial-of-service attacks and vulnerability scans. Millions of attacks and probes associated with the bug were recorded by security companies and vendors. The bug could potentially be used to compromise millions of servers and other systems and is said to be much worse and more easily exploited than the Heartbleed bug in its severity.

According to experts, the most vulnerable to Shellshock are OSX, Linux, iOS, Android, and Windows Operating Systems, as well as general systems running Internet servers and users of public wi-fi points.Once exploited, the targeted system can be introduced to several types of cyber threats including self-replicating worms. It may also help attackers initiate technical modifications on the infected system and allow them to access, observe, collect, and destroy a users personal information.

Fortunately, there are many developers, publishers, and security experts creating easy patches for the shellshock bug. According to the latest news, security experts at Linux have recently managed to develop a Shellshock fix and in addition, Apple has also issued an update for this vulnerability. However, at first the Apple fix was not reliable against Mountain Lion 10.8. Security experts were able to identify this hiccup with Mountain Lion 10.8 a bash check tool and have reported it across various networks and have said ” it seems that the updated version of bash may still be vulnerable to CVE-2014-7186.”