The campus is distributing this message today to UC Davis faculty, students and staff, about the "Shellshock" vulnerability first reported in the media last week.

Hello,

A serious security vulnerability known as "Shellshock" is receiving a lot of media attention. This vulnerability affects commonly available web services on Unix-like systems, including Mac OS X and Linux. Owners of Mac or Linux machines need to apply a patch as soon as one is available from Apple or Linux. In almost all cases, this vulnerability does not affect Windows users.

The Information and Educational Technology security team and campus system administrators are taking this vulnerability seriously, and have taken these steps:

• Fixing servers and applying patches where necessary
• Identifying vulnerable servers and blocking malicious network traffic

The system administrators are performing the critical tasks to protect the most vulnerable parts of our network by consulting the operating system (OS) vendors for patching instructions. However, we want you to be aware that all Mac operating systems potentially have the same vulnerability, though in most cases the threat is low.

To be clear, this is not a virus or malware, but a flaw in a program on the operating system. As such, please look for an update from Apple or Linux and install it as soon as it is available.

In the meantime, if you have any questions please contact your department's IT support.

Regards,

Cheryl Washington, CIPP/US, CIPP/G, CISM, CISA, CRISC

Chief Information Security Officer

University of California, Davis