If you're running Linux, most of the big-name distributions have already released updates that patch Shellshock, including Red Hat, Ubuntu, Debian, Fedora, CentOS and more. Be warned, however, that while this critical update mostly plugs the Shellshock, it is still considered incomplete, as Red Hat explains:
"Red Hat is aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions... We are working on patches in conjunction with the upstream developers as a critical priority... Red Hat advises customers to upgrade to the version of Bash which contains the fix for CVE-2014-6271 and not wait for the [additional] patch."
Beyond your computer's operating system, many Internet-enabled devices are vulnerable to Shellshock--including network gear. Check your router manufacturer's website and make sure your firmware is up to date.
The bottom line
Don't panic! Shellshock isn't the end of the world.
But if you're running Linux or OS X, install the newest security updates as soon as possible. Make sure your networking gear is running the latest available firmware as well. (Check back on your router manufacturer's website over the coming days if there's nothing available now). And definitely be on the lookout for malicious emails that try to convince you to run software locally, or attempt to play off Shellshock fears to phish your personal information or login credentials to services. Big scares like this always bring the creeps out of the woodwork.
PCWorld's guides to protecting your PC against devious security traps and identifying malicious email can help you with the latter. For the full rundown on Shellshock--including how the Bash bug affects Internet of Things devices like security cameras and smart appliances--be sure to check out our original report on the bug.
Sign up for Computerworld eNewsletters.