IT | Security

Absolute Software Customer Deployments Not Vulnerable to Shellshock Security Bug

By: Absolute Editorial Team | 9/27/2014

Shellshock, or Bashdoor, is a security vulnerability that was recently identified in the Bash shell that is used on versions of Unix-based operating systems. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 for details.

Following a comprehensive review of our technology and products, Absolute Software would like to inform customers that Absolute products are not vulnerable to this exploit. In fact, Absolute Manage  our endpoint management solution, can actually be used to identify computers within a company’s environment that are potentially vulnerable through this Bash exploit. More information on this feature is available to Absolute customers on our Forums and through our log into your account.

Absolute Software is committed to ensuring our products are secure and our customers are protected. At Absolute Software we pride ourselves on maintaining independent security certifications and  regular technology audits. This includes certification  to ISO/IEC 27001 Information Security Management for production of IT operations for customers. The standard covers 10 detailed control categories including: information security policy, security organization, asset classification controls, personnel security, physical security, communication management, access controls, system deployment, continuity planning and compliance.

Absolute Software is also certified to ISO/IEC 27001 following audits conducted by BSI Group which recognizes the company's implementation of an effective ISMS that complies with one of the most stringent international standards.

In summary, the identified vulnerability is not exploitable in Absolute Software products. For more information, customers can contact our log into your account, and for all other enquires: http://www.absolute.com/en/about/contact