Shellshock, a serious security flaw, has been rated 10/10 for severity by the US government-backed National Vulnerability Database. To limit the fallout, Google, Amazon and other software majors are reacting by providing patches and advice.
If exploited with criminal intent, which unfortunately is easy to do, Shellshock could mean stolen information, malware propagating across systems and users’ computers being taken over. Shellshock is really, really nasty, and here’s a run-down of the most important reactions we’ve seen so far:
• Google has “taken steps to fix the bug in both its internal servers and commercial cloud services,” the Wall Street Journal reported, quoting an unnamed source. The firm also issued a security bulletin.
• Amazon Web Services has issued a bulletin advising those of its customers who use Amazon’s Linux image, or AMI, on how to update it to a patched version.
• Apple has claimed most OS X users are not at risk of remote exploits, unless they “configure advanced UNIX services.” However, experts have recommended disabling remote log-in for such systems until the company releases the patch it’s working on.
• Red Hat, which was the first outfit to be notified of the vulnerability, has issued a couple of patches for its server and enterprise Linux products. One, for Red Hat Enterprise Linux (RHEL) versions 5 through 7, seems to be alright. However, the company has warned that the other is incomplete – though it’s still better than nothing.
• Debian Linux users on the stable “wheezy” distribution should update their bash packages, and Ubuntu users also have updates to make.
• Governments, such as those of the U.K. and U.S., are trying to mitigate the problem, which leaves many of their systems vulnerable.
The affected bash shell is so widely used, on so many systems, that the flaw is a serious threat to the web world. We’ll update this list as and when new information comes in.