Who We Are

ADP Security Advisory – BASH Vulnerability (aka Shellshock)

Most Recently Reported: September 30, 2014
Date Initially Reported: September 30, 2014

ADP has learned of the Bash vulnerability (aka Shellshock) affecting Unix-based operating systems such as Linux and Mac OS X. This vulnerability makes an unpatched host vulnerable and, under certain configurations, remotely exploitable.

ADP’s team has made preliminary assessments on all our internet applications. We have found no evidence that any of our client-facing applications can be remotely exploited via this vulnerability.

ADP is currently busy patching all affected applications to bring BASH version up to a non-vulnerable version. Additionally, our cyber threat management platforms are continuously updated to detect and respond to malicious activity. In keeping with our emphasis on security, we will continue to scan and monitor our environments externally, as well as internally, in order to prioritize remediation efforts and patching to affected applications.

We certainly understand that our clients may have concerns and do want to assure our clients that understanding and addressing this issue is a high priority for ADP.

Protecting ADP clients and their data has been, and always will be, a top priority for ADP. Clients are encouraged to visit ADP’s trust and security center to learn about ways to help protect themselves: https://www.adp.com/about-us/trust-center.aspx.

If you have any further questions/concerns, please contact our Client Security Management Office via email adp.csmo@adp.com.

PDF Download a PDF of this Alert

See All Security Alerts