Security researchers have discovered a very serious vulnerability in Bash, the popular shell used in various Linux and Unix based operating systems.
Exploiting this vulnerability, termed as "Shellshock", hackers can take control of any device running on operating systems that make use of Bash for command line operations.
Operating systems such as Mac OS X, various Linux and Unix flavours include Bash. Additionally, some networking equipment such as routers and switches running on Linux variants also make use of Bash. Exploiting the newly discovered bug in the shell could result in hackers gaining control of the data of millions of users.
The severity of the bug has been rated 10 out of 10 by Cybersecurity agency, Rapid7, due to its high risk and low complexity combination. It has been rated more serious than the Heartbleed bug which was discovered in OpenSSL earlier this year. The main differentiating factor between Heartbleed and Shellshock is that the latter allows hackers to take complete control of the target device while Heartbleed allowed hackers to steal the data that was transmitted.
The currently released patches make the vulnerability more difficult to exploit, but does not completely remediate the problem. In addition, Apple has yet to release an update, meaning that all Mac OS X machines are still vulnerable. Users should keep an eye on security updates and install as and when they are available. A list of fixes is available at US-CERT's website.
Source: US-CERT | Image via Blogsolute