Recently, “Shellshock”, a serious vulnerability the with Unix command shell “Bash" was announced. A command shell is a part of the operating system that runs commands that are typed, or created in scripts. Command shells such as Bash are usually hidden from users with modern operating systems such as Windows, Mac OS, iOS and Android. But many applications use command shells as a way to issue commands to the operating system. Due to the Shellshock vulnerability, under certain very specific circumstances, applications that issue commands to the Bash shell could be vulnerable to an exploit.
The only Sonos product that issues commands to a potentially unpatched (vulnerable) Bash shell is the Sonos Mac OS Controller App. We are unaware of any potential vulnerabilities that can take advantage of this, but we encourage all Mac users to install the latest security updates from Apple. We have followed, as we always do, industry best practices to patch or update all of our internal systems that could be vulnerable, and have ensured that our service providers have done the same.
As always, protecting the privacy of our customers' data is of the utmost importance to Sonos. If you have concerns about the integrity of your information, please contact us at email@example.com