On Wednesday, September 24, 2014, a significant vulnerability in Bash was detected. This vulnerability, commonly referred to as the “Shellshock” bug, affects versions 4.3 of Bash and earlier. The Bash vulnerability poses a potential security risk to Unix-based systems, including Linux and OS X.
Details of actual exploits are still coming in, but early reports indicate that SSH and web servers with CGI components are possible vectors for perpetrating an attack.
Apple has released an official update with more details on the vulnerability.
Patch resources now available
JAMF Software is currently investigating the full impact of this vulnerability for both our customers and internal services and infrastructure.
Within 24 hours of “Shellshock,” the JAMF Nation community started a discussion regarding the vulnerability and has provided a wealth of information and resources to solve this issue. With over 45 posts, the community is one of the best places for IT administrators to openly discuss “Shellshock,” have your concerns heard, and very likely, addressed.
JAMF Software and the JAMF Nation community will continue to work together to assure this vulnerability is patched and communicated to potentially impacted customers.