![]() What Should You Do?Īt the moment, LastPass customers and others should avoid using open, unsecured WiFi if using Mac OS X, until Apple releases a patch. ![]() Those managing computer systems should update their networks and machines with the proper patches as they’re released. The initial patch making the rounds Wednesday was not an effective fix, so the patch should be reapplied. Yes, there’s a patch for most Linux systems, though Apple has yet to release a fix for Mac OS X. Other companies and researchers have reported observing the same, indicating it’s likely other web services and networks are at risk. We have seen evidence of attempts to exploit the bug on LastPass systems, unsuccessfully. LastPass does not use Bash on web-exposed interfaces, and we’ve applied the latest patches as well. ![]() No, LastPass is not vulnerable to the Bash bug. This is far worse than Heartbleed, which could reveal data from server memory but didn’t allow direct action on a machine. Since the attacker could take any action that the web server itself could take, the consequences could be disastrous: the compromise of a database, access to files, access to source code, data being deleted, data being changed, running programs, and, perhaps worst of all, deploying malware to compromise the system. In short, the Shellshock bug puts untold millions of computer networks and consumer records at risk of compromise.īy exploiting the Shellshock bug, an attacker can essentially have full access to that server. Though you may be running Windows, most web servers on the Internet run on some variant of Unix, so your business or the services you use on a daily basis are likely to run these platforms. The bug could affect any network or website that relies on Unix and Linux operating systems, including Mac OS X. What is the Shellshock Bash Bug?īash, a unix shell typically used on Mac, Linux, and Unix systems, has had flaws that allow someone to trick Bash into doing things it’s not supposed to do, like running programs or modifying data. A newly-discovered security vulnerability dubbed the “ShellShock bug” could be more widespread and damaging than Heartbleed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |