Without going into specific details, the attack is performed by creating specially crafted environment variables and passing them to a program that interacts with the Bash shell. Some of the programs that are known to be vulnerable are CGI scripts on web servers, DHCP servers that utilize bash scripts, and authenticated SSH connections. Ultimately, though, any web page that utilizes a program that interacts with this Bash shell could possibly be vulnerable.
At this time there have been patches released for Bash that will fix part of this vulnerability. Unfortunately, the existing patches do not effectively patch it completely and Bash is still vulnerable. Patches should be released soon that resolve this vulnerability altogether. If you use a web server, you should check to see if you have CGI scripts enabled, and if so, disable them or replace them with another method.
For those running Windows, you have nothing to worry about unless you have installed Bash for some reason. For the vast majority of users, this is very unlikely. If you use a Mac then Bash is installed by default and affected by this vulnerability. At the same time, if you are not running a web server on your Apple then you do not have anything to worry about either, but should keep people you don't know off your computer for now. If you have a router that is affected by this vulnerability, you do not have to worry about it if you do not allow external access to the admin console. Most routers do not allow this by default.
So should you be worried? Are your computer affected?
The answer is yes and no. Most consumers' computers will not be directly affected by this vulnerability as their computers typically do not have Bash installed and can be reached remotely over the Internet. On the other hand, many servers that you connect to on the Internet will be affected. This could cause increased risk of your private information being stolen or the computers being hacked. Therefore, be extra careful for the next week or two until system administrators patch their Bash installs to resolve this vulnerability. Even more important, make sure you have an anti-virus program installed and kept up-to-date and keep an eye on your credit report in the event credentials are stolen.