[ Originally posted on 2014.10.26. Revised on 2014.10.01 due to developing nature of incident. ]

Toronto, September 26, 2014 – A new vulnerability in the UNIX/Linux bash shell called “Shellshock” has been announced.

Scope

The original advisories from the MITRE organization can be found here:

  • CVE-2014-7169: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
  • CVE-2014-6271: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

PortfolioAid response

PortfolioAid responded immediately to this risk, and continues to apply patches as they become available.

PortfolioAid’s commitment to the integrity and confidentiality of client data includes:

  • conducting a SOC-2 service audit with a third-party audit firm
  • contracting third-party security experts to perform application vulnerability and penetration tests
  • conducting disaster recovery tests

Additionally, all software releases undergo a code review for security purposes, and we regularly patch operating systems and the software stack. For more information on PortfolioAid’s systems integrity stance, please contact PortfolioAid at +1 416 479 9710.