[KB3578] What is Shellshock and does ESET protect me from it?

Issue

  • The Shellshock exploit is also known as Bash Bug

Solution

Shellshock patched in OS X Yosemite (10.10)

The latest production version of OS X, Yosemite, is not vulnerable to Shellshock. Visit the OS X Yosemite upgrade page for information about how to upgrade your operating system.

Does ESET protect me from Shellshock?

The Shellshock or Bash Bug exploit is not malware, so it cannot be detected and blocked in the way that malware can. Shellshock is a vulnerability that exists on Linux- and Unix-based systems (Apple has released a patch for OS X, see below). While ESET cannot protect against the exploit itself, ESET will protect you against malicious files that may be introduced to your system using this exploit. To ensure the highest security level, ensure you are using the latest detection engine update.

An exploit such as Shellshock is a security vulnerability that cybercriminals can leverage to steal valuable data like banking information or personal identity information. We recommend contacting any online services that handle your personal information (for example, your bank) and verifying that they have patched their systems to eliminate this vulnerability.
 

Who does this affect?

  • Anyone who uses a router, modem or Wi-Fi device can be affected because these devices use Linux and can be exploited by Shellshock
     
  • macOS X and Linux users, because these operating systems use the bash shell
     
  • Network administrators
     

How can I protect my data?


Follow the instructions for Windows users above and ensure you are using up-to-date security or antivirus software. Ensure that you are using the latest version of your operating system and download any available system updates, contact Apple support for more information on operating system updates.

  • Windows users: Patch your router or modem with the latest available updates; contact your internet service provider if you need help.
     
  • macOS X users: Apple has released an update to OS X that removes this vulnerability. OS X Mavericks (10.9) users: Before performing the repair, you must update OS X to the latest version click your operating system version below to visit Apple support, where you can download this update:
  • Network administrators: Ensure that any Unix or Linux devices (routers, modems, switches, etc.) or servers have the latest available updates and operating system versions. Contact your hardware/software manufacturer for the latest updates or software versions.

 

For more information about the Shellshock exploits, visit our ESET blog posts:

How to fix Shellshock Bash on Mac OS X: Mavericks edition

How to resolve Shellshock on Mac OS X, web servers and more

Last Updated: Dec 12, 2023

Additional resources

User guides

ESET Forum

YouTube videos
ESET Support News ESET Customer Advisories ESET Status Portal ESET Technical Support

Existing customer?