Norton provided a write-up explaining on the Linux and Mac OS X vulnerability known as ‘Shellshock’ or the ‘Bash Bug’ works in an infographic and video, both are embedded below. The vulnerability is more formally known as CVE-2014-6271: GNU Bash Remote Code Execution Vulnerability. Windows computers are unaffected by the vulnerability but Linux and Mac OS X computers, as well as many embedded systems that use Linux, could be affected by the bug.
The Bash bug allows an attacker to bypass regular security controls to insert additional unauthorized commands; which could, in turn, allow the attacker to steal data or gain control over the web server computer or other device.
In another post, Shellshock: All you need to know about the Bash Bug vulnerability, Symantec explains how the vulnerability works to allow remote code execution. A patch was published but only partially fixed the problem.
The Symantec products on Mac OS X can prevent the vulnerability according to the company.