Shellshock: a bug in a popular open-source software
On Wednesday, security experts announced the discovery of a previously unknown security flaw impacting systems running on an open-source Unix-based platform. Systems employing this platform include Apple and Linux. The bug, called Shellshock, poses a serious risk to workstations, routers, and servers.
Your PCs are not susceptible to the bug as they operate on a proprietary piece of software.
In addition, Daystar has reviewed all Fortinet devices (our primary firewall and router solution) and has determined that is not affected by this vulnerability.
What should I do?
Currently, there are no reports of the bug being exploited by hackers or cyber criminals. However, a patch to fix the bug does not exist as yet, and hackers are expected to take advantage of this very soon. Daystar advises all clients running affected devices to make sure their systems are updated and to check with their manufacturers for additional patch updates.
A description of the vulnerability and risks are described below.
What is Shellshock?
Shellshock is a bug in a free piece of software called Bash that is built into many machines that connect to the Internet, most notably in Apple and Linux-based systems. Although there are currently no reported exploitation of the bug, its potential impact is highly damaging. Shellshock could be exploited to take over an entire machine. More than just a privacy concern, data and files on an infected system can actually be manipulated. And the bug is very simple to exploit; according to Wired, a hacker could take advantage of the flaw with just three lines of code. What's more, the flaw has been around since 1987, which means that there are a lot of susceptible devices.
Your Technology Partner