Categories: Apps: Security

Shellshock: Security Software Bug

Shellshock

What You Need to Know about this Security Software Bug

Shellshock, also known as Bashdoor, is a family of security software bugs in the Unix Bash shell. Many Internet-facing services use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

Attackers exploited Shellshock within hours of the initial disclosure by creating botnets on compromised computers to perform distributed denial-of-service attacks (DDoS) and vulnerability scanning. Millions of attacks and probes related to the bug were recorded by security companies in the days following the disclosure.

Shellshock could potentially be used to compromise millions of unpatched servers and other systems. Thus, it has been compared to the Heartbleed bug in its severity.

Apple Inc. commented that OS X systems are safe by default, unless users configure advanced UNIX services. Such advanced users are typically capable of turning the services off until a patch built using Xcode can be implemented.

Within an hour of the announcement of the Bash vulnerability, there were reports of machines being compromised by the bug and botnets based on computers compromised with exploits based on the bug were being used by attackers for distributed denial-of-service attacks and vulnerability scanning.

On September 26th, 2014 the security firm Incapsula, noted 17,400 attacks on more than 1,800 web domains, originating from 400 unique IP addresses, in the previous 24 hours. It’s said that 55% of the attacks were coming from China and the United States. By September 30th, the website performance firm CloudFlare said it was tracking approximately 1.5 million attacks and probes per day related to the bug. On October 6th, 2014, it was reported that Yahoo! servers had been compromised in an attack related to the Shellshock issue.

With the disclosure of the bash vulnerabilities, the information security community was thrown into a bit of a tizzy. Most organizations that have devices running on a *nix platform and that utilize the bash shell are vulnerable.

­See also:

Share
Published by
Steve

Recent Posts

AI: To Credit or Not To Credit? That Is the Question!

How Should You Credit AI When You Use It? Artificial intelligence is rapidly becoming a…

6 days ago

New Scam Clones a Person’s Face to Steal All the Money

Cyberattacks: New Scam Clones a Person’s Face to Steal All the Money from Their Bank…

2 weeks ago

Google Meet Launches Real-Time Voice Translation

Google Meet launches real-time voice translation: say goodbye to learning languages The new Google Meet…

3 weeks ago

Google I/O 2025: Most Important Artificial Intelligence Event

Google I/O 2025: All the Announcements from the World’s Most Important Artificial Intelligence Event The…

4 weeks ago

Apple May Launch a Curved iPhone: When Would Its Release

Apple May Launch a Curved iPhone: When Would Its Release Date Be? The new design…

1 month ago

Farewell to Skype after 15 years: this was its story

Farewell to Skype after 15 years of connecting the world through video calls: this was…

1 month ago