[ Originally posted on 2014.10.26. Revised on 2014.10.01 due to the developing nature of the incident. ]
Toronto, September 26, 2014 – A new vulnerability in the UNIX/Linux bash shell called “Shellshock” has been announced.
The original advisories from the MITRE organization can be found here:
- CVE-2014-7169 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
- CVE-2014-6271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
PortfolioAid responded immediately to this risk, and continues to apply patches as they become available.
PortfolioAid’s commitment to the integrity and confidentiality of client data includes:
- conducting a SOC-2 service audit with a third-party audit firm
- contracting third-party security experts to perform application vulnerability and penetration tests
- conducting disaster recovery tests
Additionally, all software releases undergo a code review for security purposes, and we regularly patch operating systems and the software stack. For more information on PortfolioAid’s systems integrity stance, please contact PortfolioAid at +1 416 479 9710.