What should I know about Shellshock

Everyone is now talking about Shellshock. What is that and what can you do about it? Here’s what you should remember:

Shellshock is a software bug, which affects the Bash – the common command-line shell that is actively used in Linux/UNIX OS and Apple Mac OS X for controlling different programs and their features. It is believed that this 25-year-old (!) vulnerability was discovered by the Linux expert Stéphane Chazelas.


Since Bash can be found on millions of computers, mobile devices, routers, firewalls and servers, everyone can be affected by Shellshock. According to experts, the most vulnerable systems are MAC, Linux and Windows OS.


This bug can be exploited for connecting the target OS and infecting it with different kinds of cyber threats. It may also help hackers initiate various modifications on the system, let them access and destroy sensitive people’s information or cause other dangerous activities.

◾Compared with Heartbleed, Shellshock is more powerful and requires less skill to exploit it. This bug can be exploited without having a username and password of the server.

Shellshock can be used to create a self-replicating “worm.” At the moment of writing, it is known that two active worms have been exploiting the bug for turning affected systems into bots. They have also been attempting to guess passwords and logins on vulnerable servers.


Fortunately, it doesn’t take long to patch the bug. According to the latest news, security experts of Linux have already managed to develop fixes for Shellshock. In addition, Apple has also issued an update for this vulnerability for OS X Lion, Mountain Lion and Mavericks. No matter that some parties claim that these patches are incomplete, you should still download them as it is still better than doing nothing.