What is the Shellshock vulnerability?
The vulnerability known as Shellshock is a serious flaw in the Bash shell processor. Bash shell is a command line interface, similar to a DOS box on Windows. This command line interface allows user interaction with Linux- and UNIX-based systems. There are many different types or flavors of Linux and UNIX platforms. One example of a UNIX-based operating system is Apple’s Mac OS X. Another example of a UNIX-like system is IBM’s z/OS.
On September 24, 2014, security researchers uncovered malicious code that attempts to exploit a vulnerability in Bash shell. The vulnerability makes it possible for attackers to run arbitrary commands that could lead to system compromise; however, the aftereffects of a successful exploit have not yet been fully understood or disclosed.
Is/was Pekin Insurance vulnerable?
None of the external services hosted by Pekin Insurance, like MyPI or Pekin Partners, have been affected. In addition, the Pekin Insurance Enterprise Security team has deployed security measures and will continue to monitor the situation for changes.
What do I need to do?
No action is required for users of Pekin Insurance web services; however, everyone is strongly encouraged to check public lists of prominent sites that may have been vulnerable in case of personal use.