The Apple OS X operating system along with Unix and Linux systems are vulnerable to the Shellshock bug. The bug is actually a flaw present in the Bourne-again Shell (Bash), a command-line tool used in different operating systems. The Shellshock bug isn’t new; it’s actually been around for 22 years. Hackers, however, have started taking advantage of the flaw, trying to access different systems and exploit the bug.
What You Need to Know
The major concern with Shellshock is that it allows a hacker to take over control of a computer. For example, a hacker could take over a banking system and commit fraud. According to The Register, the following systems are most at-risk:
- Apache web servers
- CGI scripts that use or invoke Bash
- Certain DHCP
For the most part, Ubuntu, Debian-derived systems and most Apple devices are not at-risk. Ubuntu and people who use other Debian-derived systems, however, should verify that Bash isn’t present on the systems. Most users shouldn’t have a problem with Apple’s OS X getting hacked unless someone has changed the advanced Unix settings.
“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
Apple and companies like Red Hat are engineering patches to remove the flaw. Until then, the Department of Homeland Security is warning Internet users to take precautions. The Federal Financial Institutions Examinations Council (FFIEC), which provides standards for banks, adds that “banks should identify all their systems that use Bash and update them, and should also check third-party software.”
If you wish to have your system tested for the flaw, contact iBeta today. We can assist you with Shellshock and other types of security testing.