Feedback
Tech

Tech Companies Rush to Secure Products Against ‘Shellshock’ Bash Bug

Why the Bash bug could rival Heartbleed: CNET editor 1:06

Tech companies are scrambling to issue updates for products affected by the so-called "Shellshock" bug, which security experts say could be as serious as the notorious "Heartbleed" vulnerability from earlier this year. Some companies, like Apple, said their customers are safe unless they've turned on special advanced settings (they're working on a fix anyway). But companies that run servers and enterprise software have a bit more work to do. Amazon and Google issued security bulletins describing how to secure against Shellshock, and Reuters reported that Oracle warned its users of more than 30 vulnerable products. The bug is rated 10 out 10 for risk by the National Institute of Standards and Technology. The Federal Financial Institutions Examination Council on Friday warned banks that it "presents a material risk" and should be addressed as soon as possible. Patching the vulnerability is a straightforward update, but having to roll it out to tens of thousands of servers and devices is no small task. As with other pervasive, industry-level bugs, consumers and end users can't do much but wait.

IN-DEPTH

SOCIAL

—Devin Coldewey