Many other operating systems, including Linux and Apple’s Mac OS X, are built on Unix, and the Shellshock vulnerability affects web servers and apps worldwide. Apache servers are at particular risk of compromise, as are OpenSSH and some DHCP clients.
The Shellshock vulnerability, discovered by Stephane Chazelas of Akamai, relates to how Bash processes environment variables. In many common configurations the vulnerability is exploitable over the network, meaning Shellshock can be used to take control of many systems that use Bash, with potentially catastrophic results. NIST has rated Shellshock’s severity as 10 (high).
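For defenders checking whether an Apache host has been probed, the following added example (not part of the original article) scans access-log entries for logged headers that begin with `() {`, the four-character prefix Bash uses to recognise a function definition passed in an environment variable. The Apache "combined" log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Apache "combined" format (assumed):
#   ip ident user [time] "request" status size "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field; Apache escapes embedded quotes as \"
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED
)

# Bash treats an environment value as a function definition only when it
# starts with these four characters, so the check is anchored to the start.
FUNC_PREFIX = "() {"


def flagged_headers(line):
    """Return (client_ip, [flagged header names]), or None if the line is unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, _request, referer, agent = m.groups()
    hits = [name for name, value in (("referer", referer), ("user-agent", agent))
            if value.startswith(FUNC_PREFIX)]
    return ip, hits


def scan(lines):
    """Return only the entries where at least one logged header was flagged."""
    results = (flagged_headers(line) for line in lines)
    return [r for r in results if r is not None and r[1]]


# Constructed sample log lines (documentation IP ranges, placeholder payloads).
SAMPLE_LOG = [
    r'192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :;}; <constructed-placeholder>"',
    r'203.0.113.9 - - [01/Oct/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "() { :;}; <constructed-placeholder>" "() { :;}; <constructed-placeholder>"',
    # Benign agent that merely contains "() {" later in the string: not flagged.
    r'192.0.2.44 - - [01/Oct/2014:10:00:12 +0000] "GET / HTTP/1.1" 200 77 "-" "Agent \"x\" function() { }"',
]

if __name__ == "__main__":
    for ip, headers in scan(SAMPLE_LOG):
        print(f"{ip}: function-definition prefix in {', '.join(headers)}")
```

The combined format records only the Referer and User-Agent headers, so a clean result does not rule out attempts carried in headers that are not logged.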
Some patches have already been issued, but security researchers warn that they are incomplete and do not fully secure systems.
Users are advised to continue updating their systems as new patches are issued and, as ever, organisations are urged to conduct regular penetration tests.