Bash Bug Could Compromise Millions of Computers
Its has been 22 years since the Bash software was created, but it’s only just now that a major glitch is being discovered in it.
The New York Times reported that a software security team at Red Hat has discovered that Bash contains a software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.
An official alert from the National Institute of Standards and Technology advised that the Bash bug, also known as Shellshock, has been rated 10 out of 10 in terms of its severity, impact, and exploitability, but low in terms of complexity. This means that it could easily be used by hackers to wreak havoc on computer systems all over the world.
For those of us who aren’t tech geeks, two questions arise: What is Bash, and how could the Bash bug affect our computers and devices?
Mashable IT journalist Stan Schroeder explains how Bash operates.
“Devices use Bash, which is Unix software, to execute ‘shell’ commands; a shell is a program that translates your commands into something the device’s OS can understand. Typically, the shell needs to check information separate from the command, such as what software is running, to do its job. What Shellshock does is open a way for hackers to add some malicious information into that process.”
Several security experts claim that the Bash bug is potentially as harmful as Heartbleed, a vulnerability in the OpenSSL software that was discovered in April, as reported by The Inquisitr. The severity of Shellshock has been recognized by even the U.S. government, with the U.S. Department of Homeland Security releasing a warning about the bug and providing patches to fix affected servers.
According to Reuters, hackers have already begun to take advantage of the bug by using worms to infect vulnerable systems.
Apple has since released a statement assuring users that they are not at risk.
“The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.”
You can protect yourself from the Bash bug by installing the newest security updates and being on the lookout for malicious emails that try to convince you to run software locally or phish your personal information and login credentials.
[Photo credit: Reuters / Mal Langsdon]