Shellshock

Shellshock is a bug that uses a vulnerability in the common Unix command execution shellbash (Bourne-Again SHell) to potentially enable hackers to take control of the machine and remotely execute arbitrary code directly into the system.

Because it preys on the Unix bash shell, which is utilized by most other major desktop and mobile operating systems like Linux, Mac OS X, iOS, Google Android and even Microsoft Windows, Shellshock has the potential to attack many types of systems and devices. To date, though, reports of Shellshock in the wild have been fairly limited, with the most prominent attacks targeting Web-facing servers and Network-Attached Storage devices (NAS).

It’s also believed that operating systems like OS X and Windows do not expose bash to attacker-supplied input, which Shellshock would need to be able to control the computer. There remains the possibility, though, that other vulnerabilities could be discovered that would provide a way into the system for Shellshock or variants of the Shellshock bug.

Shellshock Shares Similarities with Heartbleed

Shellshock shares similarities with the Heartbleed bug that gained widespread attention in early 2014. Both are examples of arbitrary code execution (ACE) vulnerabilities, and they both make it possible for a hacker to exploit a wide range of computers, servers and other devices.

Whereas Heartbleed only infiltrated the security layer of the system though, the Shellshock bug compromises the center of the operating system itself.

Shellshock Bug a Perfect 10 in Severity

The National Institute of Standards and Technology has rated the Shellshock vulnerability as a 10 out of 10 in terms of severity, impact and exploitability. Compounding the problem, Shellshock is also ranked low on the complexity scale, which means it has the potential to easily be used by a large percentage of hackers.

Forrest Stroud
Forrest Stroud
Forrest is an experienced, entrepreneurial and well-rounded professional with 15+ years covering technology, business software, website design, programming and more.

Top Articles

Huge List Of Texting and Online Chat Abbreviations

From A3 to ZZZ we list 1,559 text message and online chat abbreviations to help you translate and understand today's texting lingo. Includes Top...

How To Create A Desktop Shortcut To A Website

This Webopedia guide will show you how to create a desktop shortcut to a website using Firefox, Chrome or Internet Explorer (IE). Creating a desktop...

The History Of Windows Operating Systems

Microsoft Windows is a family of operating systems. We look at the history of Microsoft's Windows operating systems (Windows OS) from 1985 to present...

Hotmail [Outlook] Email Accounts

  By Vangie Beal Hotmail is one of the first public webmail services that can be accessed from any web browser. Prior to Hotmail and its...

Common Business-Oriented Language (COBOL)...

What is COBOL? COBOL stands for Common Business-Oriented Language. It is a 60-year-old programming...

Shared Hosting Definition &...

Shared hosting is a web hosting model in which multiple sites occupy the...

Database Integration Definition &...

Database integration consolidates data from multiple sources to provide businesses with more comprehensive...