UPDATED 07:00 EST / SEPTEMBER 25 2014

Bash! Take that Heartbleed, there’s a new bug in town

small__4788690629(1)Linux users, which includes the vast majority of the world’s enterprises, could be in for a nasty shock. A security team at Red Hat has just uncovered a deadly new bug in the Bash shell, which is one of the most versatile and widely used utilities in the Linux OS.

The bug’s been given the apt name “Bash Bug”, or “Shellshock”. The reason why people are so worried is that when properly exploited, the bug allows attackers to execute their malicious code immediately – and they can take over complete control of a targeted system, security experts warn. Even worse, it seems the exploit has been present in enterprise Linux systems for some time, and so patching each and every instance could be a laborious process to say the least.

Red Hat, Canonical and Fedora have already issued patches, but other Linux vendors are yet to do so. Bash Bug also affects Apple’s OS X operating system, and so far it remains unpatched. However, Mac users can follow the instructions in this post from Stack Exchange to check for the vulnerability and attempt to patch it themselves.

Needless to say, security experts are warning that Bash Bug could be even more deadly than the infamous Heartbleed flaw that surfaced last April. While Heartbleed allowed hackers to spy on computers, it didn’t give them control over the infected systems. This time around, things are different.

“The method of exploiting this issue is also far simpler,” said Dan Guido of cybersecurity firm Trail of Bits to The Guardian. “You can just cut and paste a line of code and get good results.”

Red Hat, which described the bug as “catastrophic” in its alert, warned it can affect any device running Linux, be it a PC or smartphone, or even a smart car or calculator.

Because the flaw has only just been detected it’s impossible to know if any hackers have already found and exploited it. Security researchers are worried that, just as with Heartbleed, we may not know the extent of the damage done for months.

Heartbleed led to several high-profile hacks, perhaps the most infamous being when hackers found their way inside a hospital network and stole more than 4.5 million patient records, including their Social Security numbers.

photo credit: blackpawn via photopin cc

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU