Following on the heels of the Heartbleed scare, another major vulnerability has been identified in a widely used piece of software. The newly discovered security vulnerability, dubbed ‘Shellshock’, is in Bash, the command-line shell utility common to Linux and Unix operating systems.
The vulnerability does NOT affect Windows users, and the consensus among experts is that Mac users are “likely” vulnerable. However, the ubiquitous nature of Bash, which is present in countless networks and Web sites that rely on Unix and Linux operating systems, has many experts declaring Shellshock an extremely potent threat. The concern is that the flaw is so entwined with the Internet that it has the potential to put millions of networks and consumer records at risk.
However, there appear to be two differing schools of thought on the actual level of threat posed by Shellshock. On the one hand we have warnings of dire consequences:
Meanwhile, another faction tends to underplay the probable severity of Shellshock’s impact:
So who is right? I am certainly no security expert and do not profess to be but, as is often the case, I suspect the truth probably lies somewhere in between.
There is no doubt that, because of Bash’s ubiquitous nature, Shellshock represents a potentially serious threat but, on the other hand, the logic behind the arguments in Time Magazine’s article is compelling. I suggest you read through both stories as presented in the links above and decide for yourself.