Shellshock: You Need To Know About This Security Software Bug
Shellshock, also known as Bashdoor, is a family of security software bugs in the Unix Bash shell. Many Internet-facing services use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.
Attackers exploited Shellshock within hours of the initial disclosure by creating botnets on compromised computers to perform distributed denial-of-service attacks (DDoS) and vulnerability scanning. Millions of attacks and probes related to the bug were recorded by security companies in the days following the disclosure.
Shellshock could potentially be used to compromise millions of unpatched servers and other systems. Thus, it has been compared to the Heartbleed bug in its severity.
Apple Inc. commented that OS X systems are safe by default, unless users configure advanced UNIX services. Such advanced users are typically capable of turning the services off until a patch built using Xcode can be implemented.
Within an hour of the announcement of the Bash vulnerability, there were reports of machines being compromised by the bug and botnets based on computers compromised with exploits based on the bug were being used by attackers for distributed denial-of-service attacks and vulnerability scanning.
On September 26th, 2014 the security firm Incapsula, noted 17,400 attacks on more than 1,800 web domains, originating from 400 unique IP addresses, in the previous 24 hours. It’s said that 55% of the attacks were coming from China and the United States. By September 30th, the website performance firm CloudFlare said it was tracking approximately 1.5 million attacks and probes per day related to the bug. On October 6th, 2014, it was reported that Yahoo! servers had been compromised in an attack related to the Shellshock issue.
With the disclosure of the bash vulnerabilities, the information security community was thrown into a bit of a tizzy. Most organizations that have devices running on a *nix platform and that utilize the bash shell are vulnerable.
See also:
Apple is reportedly enhancing the iPhone SE 4, potentially phasing out the home button in…
Will Qualcomm Be Able to Replicate Apple's Success and Transform the PC Market? Snapdragon X…
Apple has explained why you shouldn't put your iPhone into a bowl of rice if…
Apple is finally set to fix the biggest flaw in the iPhone's camera The images…
Windows 11 Has Just Launched Its Latest Significant Update, Moment 5, as Part of April's…
Artificial Intelligence For All on iPhones: Hidden Or Not? Apple has remained relatively silent about…