Newly discovered security bug ‘Shellshock’, more widely known as the ‘Bash bug’ is the latest security threat potentially affecting millions of computers, servers and devices. .
What is a Shellshock/ Bash Bug?
Bash is a program interface (shell) that is used to execute commands on UNIX and Linux systems. The Shellshock Bug is a security flaw in this Unix Bash Shell which can be used by attackers to grant unauthorized access to computer systems.
A hacker could exploit this security flaw, remotely approach your servers and execute commands without any authentication, thereby gaining access to confidential information and exploiting web servers by injecting malicious commands.
Hours after news of the bug went public on 25th September, security researchers detected evidence of hackers trying to exploit it. This bug might pose serious threat not just to the computers using these operating systems but could also spread to all internet-connected devices including Android phones.
Security firm Rapid7 has rated the bug as 10 out of 10 for its severity, but “low” for complexity – meaning that it’s fairly easy for hackers to launch an attack and exploit the flaw using just three lines of code.
Staying safe from the bug
The vulnerability affects servers more than users’ own computers. It is highly recommended that affected systems are properly updated to the latest version of Bash to fix or mitigate the vulnerability as soon as possible.
netCORE servers are not at risk to this bash vulnerability
Our team of security experts have developed patches to safeguard against Shelshock bug and have done the needed security software update. So our API servers are not at risk to this bash vulnerability.