Tech Companies Rush to Secure Products Against 'Shellshock' Bash Bug

We apologize, this video has expired.

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Tech companies are scrambling to issue updates for products affected by the so-called "Shellshock" bug, which security experts say could be as serious as the notorious "Heartbleed" vulnerability from earlier this year. Some companies, like Apple, said their customers are safe unless they've turned on special advanced settings (they're working on a fix anyway). But companies that run servers and enterprise software have a bit more work to do. Amazon and Google issued security bulletins describing how to secure against Shellshock, and Reuters reported that Oracle warned its users of more than 30 vulnerable products. The bug is rated 10 out 10 for risk by the National Institute of Standards and Technology. The Federal Financial Institutions Examination Council on Friday warned banks that it "presents a material risk" and should be addressed as soon as possible. Patching the vulnerability is a straightforward update, but having to roll it out to tens of thousands of servers and devices is no small task. As with other pervasive, industry-level bugs, consumers and end users can't do much but wait.



—Devin Coldewey