“Shellshock” Bug Puts Computers At Risk

September 26, 2014

A recently discovered computer bug – one that has apparently existed for years – is putting Linux-based computers, including Apple machines running the company’s OS X operating system, at risk of attack by hackers.

Other devices vulnerable to the flaw include some routers, security cameras, and other Linux-based devices.

According to a report in PCWorld, “Akamai security researcher Stephane Chazelas has discovered a devastating flaw in the Unix Bash shell, leaving Linux machines, OS X machines, routers, older IoT devices, and more vulnerable to attack.

“Shellshock,” as it’s been dubbed, allows attackers to run deep-level shell commands on your machine after exploiting the flaw, but the true danger here lies in just how old Shellshock is — this vulnerability has apparently been lurking in the Bash shell for years.

“A large swath of the web-connected devices, web servers, and web-powered services run on Linux distributions equipped with the Bash shell, and Mac OS X Mavericks is also affected.”

Technologist Tom Scott provides an easy-to-understand overview of the Shellshock bug:

“The fact that Shellshock’s roots are so deep likely means that the vulnerability will still be found in unpatched systems for the foreseeable future—though the odds of it directly impacting you appear somewhat slim if you use standard security precautions.

“The news comes as the security community is just shaking off the effects of Heartbleed, a critical vulnerability in the widely used OpenSSL security protocol.”

While Linux developers have begun releasing at least partial fixes, hackers have already been attempting to exploit the flaw, with a ZDNet report saying, “Security researchers have found proof of concept code that attempts to exploit the serious bug discovered this week in Bourne-Again Shell, also known as Bash.

“The good news yesterday that some Linux distributions shipped patches for the bug yesterday has already been tempered by the discovery that those patches only partially dealt with potential attacks.

“At the same time as security experts have been racing to develop fixes for the bug and patch systems, it appears hackers have been working on tools to attack vulnerable systems.

“Security researcher Yinette yesterday reported discovering the first attack in the wild that exploits the bug, which has been officially documented as CVE-2014-6271.”

Computer users vulnerable to the Shellshock bug are encouraged by security researchers to patch and update their systems as soon as possible in order to protect themselves against potential attacks, with an unofficial patch available to advanced Apple OS X users in the meantime.
