Shellshock emerges as a serious security bug

Do you know what the Shellshock bug is?

The Shellshock bug is one of the newly discovered security bugs, and it affects the Bash component on computers, devices and servers. Some analysts are eager to compare it with Heartbleed, which was discovered in spring, but the main difference between the two is that Heartbleed allowed malevolent third parties to spy on unsuspecting users, while Shellshock literally leaves the system’s door open so that almost anyone can gain access to it. The National Vulnerability Database ranks Shellshock 10/10 for its severity, and anyone who might be exposed to malicious exploitation is encouraged to apply patches immediately.

This is probably the first time you have heard of the Bash component at all. That is because this command-line shell is mostly used by programmers. The component allows users to launch programs and features, and in general it should not be open to an average user. However, with the Shellshock bug on the loose, the situation changes. Probably the most shocking thing about Shellshock is that this vulnerability has been there for 25 years. If the bug is used properly and effectively, then after a few command executions the hacker would be virtually in control of the target system or computer.

Although Shellshock may affect all operating systems, computer security experts say that the biggest implications could be for Mac OS X. While technical users are expected to mitigate the vulnerability themselves, experts say that average users had better wait for an official patch from Apple. The same applies to all the other systems. Although a large number of users do not even think of doing so, you are strongly advised to patch your systems immediately. You should be especially concerned about it if you host a website that runs on one of the affected operating systems.

Technically, there is not much an average computer user can do about Shellshock. It all depends on whether software vendors release patches on time. Even so, some security specialists voice the opinion that security patches may not be enough to protect systems from Shellshock exploitation. For what it’s worth, right now users can only hope that the patches will be released on time and that the updates will be applied as soon as possible.

At the same time, we can see that the problem lies in the fact that important system components are often created and managed by single individuals who are usually volunteers. Unless big corporations invest in maintaining important system components, security bugs similar to Shellshock may be discovered in the future as well.