What Is Shellshock?
Shellshock is a security issue in Bash, a core component of the Linux operating system run on some servers. It allows hackers to send commands to a computer without having admin status. This access allows them to install malicious software on others’ systems.
The bug only affects Internet based systems and servers running Linux and Mac OSX. Windows is not affected and normal Mac users will not be vulnerable unless they are running advanced web services.
What Does This Mean for You?
There is no evidence that any of Cyber-Duck’s servers have been compromised. We took immediate steps to secure our servers, which were patched Thursday 25 September.
It is too soon to know if this vulnerability has been exploited elsewhere on the web. However, there is a risk that banks and online retailers using older, mainframe-style computer systems could be affected.
How Do I Stay Safe?
A number of organisations, including Apple, have responded immediately and already patched their systems. It is recommended by some experts that users should not use credit cards or disclose personal information online over the next few days.
If you’d like further information about Shellshock, you can read more on the bug here. If you are a business and want to know if you are at risk, please contact us.