

Linux users, who include the vast majority of the world’s enterprises, could be in for a nasty shock. A security team at Red Hat has just uncovered a deadly new bug in the Bash shell, which is one of the most versatile and widely used utilities in the Linux OS.
The bug has been given the apt name “Bash Bug”, or “Shellshock”. People are worried because, when properly exploited, the bug allows attackers to execute their malicious code immediately and take complete control of a targeted system, security experts warn. Even worse, it seems the vulnerability has been present in enterprise Linux systems for some time, and so patching each and every instance could be a laborious process to say the least.
Red Hat, Canonical and Fedora have already issued patches, but other Linux vendors are yet to do so. Bash Bug also affects Apple’s OS X operating system, and so far it remains unpatched. However, Mac users can follow the instructions in this post from Stack Exchange to check for the vulnerability and attempt to patch it themselves.
Needless to say, security experts are warning that Bash Bug could be even more deadly than the infamous Heartbleed flaw that surfaced last April. While Heartbleed allowed hackers to spy on computers, it didn’t give them control over the affected systems. This time around, things are different.
“The method of exploiting this issue is also far simpler,” said Dan Guido of cybersecurity firm Trail of Bits to The Guardian. “You can just cut and paste a line of code and get good results.”
Red Hat, which described the bug as “catastrophic” in its alert, warned it can affect any device running Linux, be it a PC or smartphone, or even a smart car or calculator.
Because the flaw has only just been detected, it’s impossible to know if any hackers have already found and exploited it. Security researchers are worried that, just as with Heartbleed, we may not know the extent of the damage done for months.
Heartbleed led to several high-profile hacks, perhaps the most infamous being when hackers found their way inside a hospital network and stole more than 4.5 million patient records, including their Social Security numbers.