Thursday, September 25th, 2014
Shellshock: New vulnerability found
[News] A critical bug affecting hundreds of millions of computers, servers and devices has been discovered.
The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple’s Mac operating system. The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash. Experts estimate that this bug is even more dangerous than the Heartbleed bug discovered in April.
While 500,000 machines worldwide were vulnerable to Heartbleed, it is estimated that Shellshock could hit at least 500 million machines. The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.
Bash – which stands for Bourne-Again SHell – is a command prompt on many Unix computers. Unix is an operating system on which many others are built, such as Linux and Mac OS. The US Computer Emergency Readiness Team (US-CERT) issued a warning about the bug, urging system administrators to apply patches.
However, other security researchers warned that the patches were “incomplete” and would not fully secure systems.
Cybersecurity specialists Rapid7 rated the Bash bug as 10 out of 10 for severity, but “low” on complexity – a relatively easy vulnerability for hackers to capitalise on.
Retrieved from: BBC News