
Attacks against Shellshock continue as updated patches hit the Web

Steve Ragan | Sept. 30, 2014
Updated patches are in the works, but criminals are targeting the flaw now.

When the Shellshock vulnerability was disclosed on Wednesday, nearly all of the Linux / UNIX distributions released fixes that would correct the problem. However, researchers quickly determined that they were incomplete, leaving patched systems exposed to variations on the original attack vector.

This led to the publication of four additional CVE advisories (CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, and CVE-2014-6277). Administrators and system operators are encouraged to update GNU Bash with all of the latest fixes and to apply additional patches as they are released. So far, there have been three updates to GNU Bash since the problem was publicly disclosed.

Finally, Apple addressed Shellshock in a statement this weekend, noting that a "vast majority" of OS X users were not at risk because OS X systems were "safe by default and not exposed to remote exploits of [GNU Bash] unless users configure advanced UNIX services."

For those with advanced services enabled, Apple is working on an update.

 
