The year 2014 has already seen some significant discoveries in the world of computer security. Heartbleed bug has made thousands of news headlines and was wildly discussed. However, on September 12, 2014, an even more critical bug was discovered. Named Shellshock (also known as Bashdoor), it is a Unix Bash shell’s bug, that may affect an estimate of 500 million computers worldwide including mobile devices. The discovery was not made public until September 24, 2014 to ensure that system admins could patch their systems.
Shellshock is a bug that allows an attacker to take control of Unix Bash shell, meaning taking the control of the whole system. The next day since the vulnerability was disclosed, tens of thousands attacks were made by a network of malicious computers, called botnet. These attacks were mostly originated from China and the United States.
Although Apple noted that the bug affects very few systems, the company has already released a fix on September 29, 2014. Ubuntu, Red Hat, Debian and other companies have also made sure their systems are properly patched. If you’re running a Unix computer (including Apple), we strongly encourage that you update your system as soon as possible.
Since the vulnerability affects Unix systems, Windows users can relax since their system don’t contain Bash shell. However, servers running Unix can be exploited and therefore websites can be modified to bring a malicious payload to the visitors. And that’s where computer users should be alarmed. As always, we recommend having an antivirus and antispyware software installed and constantly updated, to make sure that unwanted apps won’t inject into your PC.