A “deadly serious” vulnerability, nicknamed ‘Shellshock’, has been discovered within the software component ‘Bash’.
As part of both Linux and Apple’s IOS operating systems, this flaw in ‘Bash’ means that there have been potentially 500 million machines have been at risk to serious attack for up to 25 years.
Back in April, another flaw was discovered. ‘Heartbleed’, as it was named, put a suspected 500,000 computers at risk and was a big security concern when it was first found. However, it pales in comparison to the scale of risk presented by Shellshock.
Bourne Again SHell, aka ‘Bash’, is a command prompt on many Unix computers. By targeting the vulnerability, hackers are able to gain remote access of infected machines and take control of any system that utilizes Bash.
Users are being prompted to patch their software immediately, but also being warned that the patch may be incomplete and that Shellshock still poses a threat.
Attackers have already been using this flaw to their advantage, taking control of operating systems and getting access to confidential information, infecting servers and making unwanted changes. Despite this, users are being reminded that providing they patch their software and take the usual security precautions when browsing the web, they should be safe from the threat.
Williams Commerce actively patched all web servers using the available security patches, and there may be more security updates to come.
For any questions about ‘Shellshock’ and how Williams Commerce is taking steps to combat the risk, feel free to call our helpdesk on 0116 326 1116 or visit our contact page.
For more information, here are two articles that go into further detail about ‘Shellshock’:
http://www.pcworld.com/article/2687857/bigger-than-heartbleed-shellshock-flaw-leaves-os-x-linux-more-open-to-attack.html
http://www.bbc.co.uk/news/technology-29361794
