On Sep 24, a critical security advisory was posted about CVE-2014-7169 (a.k.a “shellshock”), a vulnerability in bash shell which affects many unix-variant systems including Linux and MacOS. Wellpepper uses linux systems as part of our cloud service. As of 10:00 AM PDT this morning (Sep 25), we have validated that all of Wellpepper’s systems have been patched against this vulnerability. We are unaware of any current network exploits that affect our systems (we do not use cgi-bin, for example), and we see no evidence of any unauthorized access attempts to our systems. There is no action required for Wellpepper customers – your data is safe and secure.
For others working on patching systems, the Register has posted some good background information and guidance here: http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
For your own personal devices and computers running Mac OSX, do not connect to public networks until Apple issues a patch.