ShellShock vulnerability assessment

ShellShock vulnerability assessment

Recently, reports in the media have highlighted the ‘ShellShock’ vulnerability that affects the Bash component of Unix based operating systems.

https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability

https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/

Intercede have evaluated the potential problems with respect to MyID installations and are pleased to advise that we have not found any direct risks posed to MyID by ShellShock.

Bash is a component that is found on non-Windows operating systems, such as Unix, Linux and Mac OS X. The MyID server runs on Windows operating systems, so is itself unaffected by this vulnerability. MyID clients, and other Intercede developed apps running on Windows, iOS, Android or Blackberry operating systems are also unaffected.

However, it is important that customers who run MyID servers as virtual machines hosted on the affected operating systems check with their suppliers.

You should also check that additional software that might include this vulnerability, such as the Cygwin development tool, is not present on your Windows servers.

We will update this notification if the situation changes. If you require further clarification please contact [email protected].

Trusted By Governments and Large Enterprises Worldwide

Where protecting systems and information really matters, you will find MyID. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.