You may have heard the name ‘Shellshock’, which is the latest security vulnerability to be publicised. This came to light last week and was rated as extremely serious because it could enable a hacker to gain access to and control over computers, such as web servers, firewalls and indeed potentially any device running Linux.
The vulnerability is found in an element of the Unix operating system known as Bash. It affects many variants of Unix such as Linux and also Apple’s OS X.
When we were first alerted to the problem, we immediately checked all systems used by our customers to whom we provide IT support and also the systems at Vantage IT. Most of the equipment we support runs on Microsoft operating systems, which are not vulnerable, but there is a significant number of servers and devices with Unix-based software.
Once the potentially at-risk equipment had been identified, we checked with the manufacturers for updates. However, due to the fast-moving nature of such situations, they hadn’t managed to release any updates or, at the time we were taking action, even a status as to whether their equipment was vulnerable.
We therefore rapidly identified workarounds and contacted customers to inform them of the situation. Within a few hours of the initial Shellshock alert, we had implemented changes to ensure all potentially vulnerable equipment had been protected.
Many systems that run websites are based on the Unix operating system, so it would be advisable to contact your web hosting company to ensure any vulnerable systems have been patched. As the vulnerability would enable hackers to install malicious software on the devices, patching alone is insufficient and checks should also be made for the presence of malicious software.