'Shellshock' Bash vulnerability

What is it, and what do I need to do?


The news is reporting a new killer that will end the world like Y2K or Heartbleed. As usual, there is no need to panic. Most people aren't at high levels of risk. Just stay informed, but understand that there's no real reason for significant concern at this point. Apple and all major Linux versions are aware of the vulnerability and will be releasing security patches, so remember to check for updates!

What is Bash?

Bash is a shell processor that lets you type commands which then result in actions. It's the core shell tool used in most Linux and Unix operating systems (including OS X), found in millions of computers all over the world. It can also be used to parse scripts for other programs, like web servers. The exploit that's been recently discovered affects all Bash releases through 4.3, about 25 years' worth of Bash versions. So there are a lot of systems potentially affected by this flaw.

What is Shellshock?

"Shellshock" is a vulnerability that lets an outside attacker insert extra code into a Bash command. Researchers are still trying to understand the extent of the exploit, but one of the most prevalent vulnerabilities involves web servers running Common Gateway Interface (CGI) scripts, a standard method for creating dynamic content on the web. An attacker uses "environment variables" that contain Bash functions to carry the extra code. Arbitrary code execution is a very serious problem. The worst-case scenario is that an outside attacker can take over the targeted computer, access files and get it to run software it wouldn't otherwise. Shellshock is being compared to Heartbleed, a bug involving a popular security library called OpenSSL. The only similarity is the number of computers potentially affected. Bash is broadly used by computers all over the Internet, so there's concern that many will go unpatched and hackers will use the exploit towards their own ends.

Is my Mac affected?

OS X Mavericks 10.9.5 includes Bash 3.2, a version of Bash that is vulnerable to the exploit. As this was posted, Apple had not yet released a security patch to update the version of Bash included with Mavericks. You can test your Mac yourself using a simple command in the Terminal application.

Testing for the Bash vulnerability

1. Double-click on the Utilities folder.

2. Double-click on Terminal.

3. Type (or copy and paste) the following command: env X="() { :;} ; echo vulnerable" /bin/sh -c "echo stuff"

If your Mac says "vulnerable," then the version of Bash installed on it is indeed vulnerable to the problem. But that doesn't mean that your Mac can be exploited by hackers. You'd have to be running software that is accessible to the outside world and invokes Bash when it is run. So far I haven't seen any exploits that the average Mac user would need to worry about.
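The same check as a script, added here as an example (it is not part of the original post): it runs the command from step 3 against each path that commonly points at Bash, since /bin/sh and /bin/bash can be different binaries. The function names and the list of paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: repeat the article's step 3 check for several shell binaries.

# Classify the text printed by the test command.
# A patched shell prints only "stuff"; a vulnerable one also prints "vulnerable".
classify_output() {
    case "$1" in
        *vulnerable*) echo "VULNERABLE" ;;
        *stuff*)      echo "patched" ;;
        *)            echo "unknown" ;;
    esac
}

# Run the test against one shell binary and classify the result.
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Same probe as step 3. stderr is discarded so that warnings from a
    # patched Bash do not end up in the text being classified.
    output=$(env X='() { :;} ; echo vulnerable' "$shell_path" -c 'echo stuff' 2>/dev/null)
    classify_output "$output"
}

# Report on the paths most likely to be Bash or a link to it
# (this list is an assumption; add any other copies you have installed).
report_shells() {
    for shell_path in /bin/sh /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        printf '%-22s %s\n' "$shell_path" "$(check_shell "$shell_path")"
    done
}

report_shells
```

Run it again after installing updates: every line should read "patched" or "missing". It checks only what the command in step 3 checks.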

What now?

Shellshock is a vulnerability (think of it like an unlocked window). Unless you're a major company or download and install many OS X programs without knowing their origin, you shouldn't be affected. If you have Unix or Linux hosting, I would recommend contacting your host or IT department to find out the security status. If you are concerned about the Bash vulnerability affecting your PC or server, contact us to arrange testing and patching.