-1

I am somewhat ignorant on this whole shell-shock thing that is happening right now. So this may sound like a bit of a dopey question, but I am wondering if this affects me at all. I currently use a Windows XP computer (yes, I know about the other risks, please don't go into that) and an Apple iPod Touch (which is fully updated iOS 8.2). Could either of these devices - especially the iPod - be at risk?

I would appreciate a short history of shell-shock, if it does affect me, and what some signs would be that I have it!

L.B.

1 Answer

1

Cygwin, which runs Unix commands (including bash) on Windows systems, is affected. https://cygwin.com/ml/cygwin-announce/2014-09/msg00033.html Any other Windows applications which have Bash or Cygwin integrated may also be affected. These should (generally) be few and far between, and will probably be mostly in enterprise-level products.

I haven't found anything from Apple regarding iDevices, but independent research from Fortinet concludes that out-of-the-box iDevices aren't affected but jailbroken iDevices might be. http://blog.fortinet.com/post/are-ios-and-android-vulnerable-to-the-shellshock-bug

For most home users though, the vulnerability is largely mitigated by the fact that default configurations for end-user PCs (PC in the generic sense - Windows/Mac/Linux/etc. included) typically do not expose many services on the system to the network. Of those services exposed to the network on home systems, few usually require the type of functionality that would require input to be sent to Bash which may be controlled by an attacker. Even if such a configuration is present, the typical home system will not often expose vulnerable services to the public - they will either have a router/firewall device between them and likely attackers, or a host-based firewall will be configured by default to protect them on untrusted networks.

If you're unsure whether an operating system, application, or device may be vulnerable to Shellshock-related exploits, the best course is to seek validation from the vendor themselves. Either search online via the vendor's website or reputable security research sites, or contact the vendor directly yourself via normal support channels.

The IT Security Stack Exchange site has a Community Wiki dedicated to providing information about products and applications confirmed to be vulnerable to Shellshock, and what patches are available. It's not a comprehensive or authoritative list, but it could be useful to you if you use products that are on the list.

What operating systems and devices are known to be affected by Shellshock? What patches are available?

Iszi