As you may already be aware, security researchers announced a security flaw in Bash, a command processor on many computers running Linux operating systems and Apple OS X. The bug, known as Shellshock, is a hole in Bash that lets an attacker insert code into a victim's computer in order to run commands and control a computer remotely. The attacker could potentially access files, operate programs, and copy and delete data.
At MegaPath, we take your privacy and security very seriously. We continually perform security audits and diligently and persistently monitor our network to ensure that there are no vulnerabilities that could affect the services provided to you, our customers. In addition, we perform stringent testing including detailed validation and certification of any new piece of equipment being introduced in our network prior to putting it in production.
Once MegaPath became aware of the Shellshock vulnerability, we moved quickly to address it. We have performed extensive security audits within our network and service platforms to check for this specific vulnerability. At this time, MegaPath has no evidence that the Shellshock bug was used to access any MegaPath data or services.
MegaPath has verified the security state of customer equipment and configurations utilized in MegaPath services, including CPE and other components. MegaPath has evaluated the following services for any impact relating to Shellshock bug with the following results:
MegaPath is addressing the potential vulnerabilities listed above by implementing patches as they become available through our vendors. MegaPath will perform critical system patches within seven days of a patch release and non-critical system patches within thirty days of a patch release. We also recommend that our customers follow standard security best practices and use recommended security privileges across all systems.
It is important to note that this advisory only applies to MegaPath-provided systems, equipment and components. We strongly advise that you evaluate your own infrastructure, identify possible vulnerabilities, and resolve any issues promptly to include the swift application of any manufacturer security patches to your impacted systems.
For more information on the Shellshock bug, here is a helpful link:
If you have any questions, please contact us at 1-877-611-6342 (option 4) or email firstname.lastname@example.org.