Following the news of the critical vulnerability that has been found in Bash, Toyin Adelakun, VP of products at Sestus, says:
“Bash is a command interpreter (or “shell”) present on many Unix-based systems — such as Apple’s OS X, various flavours of Linux (such as Red Hat and Ubuntu), and other operating systems such as IBM’s AIX and HP’s HP-UX.
A command interpreter allows users to interact with the operating system, for the purposes of issuing low-level instructions and manipulating data.
On many Unix systems, “users” might be human, or software applications (apps).
Direct access to data and instructions potentially offers a means for attackers (malevolent users) to circumvent the protections built into a legitimate app in respect of the app’s data.
Therefore, the fact that many apps use bash to invoke other apps or operating-system commands makes this vulnerability particularly potent.
Bash is a powerful shell, and its support for “here documents”, for example, means that this vulnerability could, if exploited, allow attackers to run arbitrary code on the compromised computer.
Bash has been popular for most of its 25-year existence, and its persistence and ubiquity add up to a pervasiveness that raises both the likelihood and the impact of risks associated with this vulnerability.
The risks are of attackers executing arbitrary code on Unix systems, or illicitly modifying, adding or deleting data on such systems. To mitigate those risks, the urgent advice is to immediately patch or update the bash software. That applies to both servers and clients (i.e. individuals’ systems) such as Apple MacBooks and Mac Pro desktop computers. Because they affect both client and server computers, and because they could lead to data leakage directly from computers, these risks do indeed potentially surpass those of the Heartbleed bug.
“Bash” or “Bourne again shell” was written in part-homage to Steve Bourne, a British computer scientist and Unix pioneer. There are other shells on Unix platforms — such as the C shell (csh), the original Bourne shell (sh) and the Korn shell (ksh). At this time, there is no definitive indication that other shells have this vulnerability.”