What is “Shellshock”?
Shellshock is the name given to a collection of vulnerabilities present in a widely distributed component of Unix-based operating systems, called Bash. The vulnerable component is present in all Linux and Mac OS distributions as well as they use the same component to process commands within the operating system. It does not appear to, in general, affect Windows-based systems as they use a different program.
These vulnerabilities allow someone to inject commands on the specified platforms. This can be exploited in a variety of ways and can led to fairly significant compromises to the confidentiality, integrity, and even availability of data.
Who is affected?
As stated, these vulnerabilities are present on systems that use a Mac OS X, Linux and Unix system platform. For the small segment of Wentworth systems that had the vulnerable component, these vulnerable components were not necessarily exposed to the public in an exploitable fashion. To be safe and sure we mitigated the risks further, we have done the following:
- Updated our firewall threat detection capabilities. Before patches were available for the individual systems, we were able to successfully detect and block attempts made to exploit these vulnerabilities on our internet-facing systems.
- Applied all available patches and updates to the affected systems to fix the vulnerable component.
We will continue to apply any additional patches and updates as new vulnerabilities are reported.
What do I need to do?
If you use a Mac, there is a potential that your operating system may be vulnerable. To fix this vulnerability, we advise that you visit the Apple Support page, located at http://support.apple.com/downloads/. Download and install the OS X bash Update that matches your operating system (OS X Mavericks for 10.9, OS X Mountain Lion for 10.8, and OS X Lion for 10.7).