If you use Mac OS X or Linux software, you will no doubt by now have heard of the new online baddie – Shellshock.
Shellshock affects servers using Bash, which stands for Bourne-Again SHell. It is a command prompt on many Unix computers, an operating system for Linux and Mac OS.
Further investigation from our Hosting Partner, UK Fast, has determined the bug can only be exploited if an attacker finds a sneaky way in, or has already had access the the systems.
You don’t need to change any passwords, as it was with Heartbleed, which hit our desktops earlier this year. The shellshock bug does not target websites, but rather has the potential to hit devices themselves.
And even though this bug has the potential to hit millions of devices globally, security experts have said it will not cause that many problems, especially if users regularly update their devices, and deploy all patches released for Linux software, as has always been recommended.
The varied use of Bash, however, does mean there is no one single fix. Different technology companies will be releasing their own patches for different devices and servers.
UKFast will be deploying a patch today to all servers for the Shellshock bug. They have said the update will be seamless, and should not have an operational effect on services. There may be a second patch at some point in the future, for extra security and a more in-depth fix. Their advice to all customers is this:
“Our best advice really, as ever, is to apply the relevant patches and updates being offered by Linux providers and keep checking back for further information as further patches may be released. And as always, general good security practice is encouraged!”