Security bug leaves Linux and OS X systems wide open
2014-09-26 09:21 by Daniela
Tags: security, Shellshock
A new security bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems - and, thanks to their ubiquity, the internet at large.
The security flaw, known as Shellshock, allows malicious code to be executed within the Bash shell (commonly accessed through Command Prompt on PC or Mac's Terminal application), letting an attacker take over an operating system and access confidential information.
The bug drew comparisons to the Heartbleed bug, which was discovered in a crucial piece of software last spring. But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And while Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, Shellshock was not discovered for 22 years.
Shellshock affects Linux, Unix and Mac OS X, and is said to be more difficult to exploit than Heartbleed, which undermined key security tech at the heart of the web. However, Apple says users of its OS X operating system are "safe by default" from the new security vulnerability:
"Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems," Apple said. "With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."
Some Linux distributions shipped patches for the bug yesterday and are advising users to apply them.