According to Kyle Kennedy, chief technology officer at data focused company STEALTHbits Technologies, in Hawthorne, N.J., not much skill is needed on the part of hackers seeking to exploit the Bash flaw.

"The method of exploiting this issue is quite simple – doesn't require sophisticated attack methodologies – essentially cutting and pasting a line of code can provide a hacker/cyber-criminal very good results with minimal effort," he said.

Apple, for its part, issued a statement that unless users have configured their computers to run advanced UNIX services, it has no Bash vulnerability. Apple said it believed few have done so, although the company said it is working on a patch that will protect those users. Some patches, which also are in the works to offer protections to Unix and Linux users, have been distributed.

On Sept. 26, CUNA Mutual Group released a risk alert on Bash: "Credit union IT staff should identify all devices with the affected operating systems. Patches should be installed as soon as they are made available by the vendors," the alert read.

Don Jackson, director of threat intel at security company Phishlabs in Charleston, S.C., urged credit unions to contact vendors that provided them with public facing Internet tools, such as online banking, to check on the current security status and what patches are available.

Jackson, without diminishing the potential vulnerabilities involved with the Bash bug, nonetheless said, "the sky hasn't fallen yet. If the sky were going to fall it would have already."

Shellshock was revealed Sept. 24, and so far, successful attacks have been limited, he noted. "[The] potential impact will be low compared to what in theory could happen. Controls are already in place from past exploits. Many servers are hardened," he said.