Experts expect more than 500 million computers could be affected thanks to “Shellshock”.
A very serious flaw in one of the most basic functions of OS X, Linux and UNIX was revealed and patched today by software developers. The command-line (a.k.a bash) interface for UNIX systems, allows injection of malicious code, code following commands and automatic executes without verifying it. The most recent patch prevents that code execution.
Bash is widely used and it is the default shell for OS X and most distributions of Linux including many Linux server builds. This threat is larger than the recent Heartbleed threat.
Back in April 2014, an examination of the OpenSSL code library used to secure thousands of websites revealed a big security flaw that has existed for more than two years and IT consultants worldwide are still cleaning up after the “Heartbleed” bug.
Today’s Bash bug also known as “Shellshock” is an old exploit as Heartbleed. Unlike Heartbleed which only affected a certain version of OpenSSL, Shellshock has been around for long time.
Microsoft Windows users can bypass the graphical-user interface and communicate more directly with the computer using a DOS-like text screen whereas users of UNIX-like systems can drop into the command line and run code more efficiently using only text-based commands.
UNIX and Linux systems using the command line is necessary to update software and perform anything more than basic functions. There are several competing command-line-interface systems for UNIX-like systems and most can be used interchangeably. Bash is used by user-like processes within the operating system to interact with other processes.
Red Hat has already released its own patches that fix this flaw.
There don’t appear to be any exploits related to this bug yet but the flaw offers an opportunity for attacks on OS X and desktop Linux, not to mention countless server builds.
There is no updates at the moment for Apple, Ubuntu, Mint, Debian or other Linux systems however if they launch updates this week, be sure to install them immediately.