Sign In

Communications of the ACM

ACM TechNews

Companies Rush to Fix Shellshock Software Bug as Hackers Launch Thousands of Attacks


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Software firms such as Oracle and Apple are reportedly creating patches to combat Shellshock attacks.

As Shellshock attacks are beginning to be felt, a number of companies are starting to provide solutions for the bug.

Credit: The Descrier/Flickr

Companies and individuals were scrambling to determine what systems might remain vulnerable following warnings from the U.S. Department of Homeland Security last week about the newly discovered Shellshock bug affecting a widely used Bash Unix shell.

Apple and Google both issued statements on Friday saying most of the systems running their respective OS X and Android operating systems should not be affected by the bug, even as they noted some users may still be vulnerable.

Fears that Shellshock would almost immediately be exploited were confirmed, with security researchers reporting a spike in Internet scans searching for vulnerable systems. Incapsula on Friday reported witnessing about 17,400 attacks in the previous 24 hours targeting more than 1,800 Web domains, with more than half of the attacks originating from IP addresses in the U.S. and China.

The U.S. National Institute of Standards and Technology rated Shellshock a 10 out of 10 in terms of its severity, potential impact, and the ease with which it can be exploited. Experts, including the U.S. Computer Emergency Readiness Team, are advising users and administrators to keep on top of software updates and seek out patches for hardware such as routers.

From The New York Times
View Full Article - May Require Free Registration

 

Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account