UPDATED 07:00 EDT / SEPTEMBER 25 2014

Bash! Take that Heartbleed, there’s a new bug in town

Linux users, who include the vast majority of the world’s enterprises, could be in for a nasty shock. A security team at Red Hat has just uncovered a deadly new bug in the Bash shell, which is one of the most versatile and widely used utilities in the Linux OS.

The bug’s been given the apt name “Bash Bug”, or “Shellshock”. People are worried because, when properly exploited, the bug allows attackers to execute their malicious code immediately and take complete control of a targeted system, security experts warn. Even worse, it seems the flaw has been present in enterprise Linux systems for some time, so patching each and every instance could be a laborious process, to say the least.

Red Hat, Canonical and Fedora have already issued patches, but other Linux vendors are yet to do so. Bash Bug also affects Apple’s OS X operating system, and so far it remains unpatched. However, Mac users can follow the instructions in this post from Stack Exchange to check for the vulnerability and attempt to patch it themselves.

Needless to say, security experts are warning that Bash Bug could be even more deadly than the infamous Heartbleed flaw that surfaced last April. While Heartbleed allowed hackers to spy on computers, it didn’t give them control over the infected systems. This time around, things are different.

“The method of exploiting this issue is also far simpler,” said Dan Guido of cybersecurity firm Trail of Bits to The Guardian. “You can just cut and paste a line of code and get good results.”

Red Hat, which described the bug as “catastrophic” in its alert, warned it can affect any device running Linux, be it a PC or smartphone, or even a smart car or calculator.

Because the flaw has only just been detected, it’s impossible to know if any hackers have already found and exploited it. Security researchers are worried that, just as with Heartbleed, we may not know the extent of the damage done for months.

Heartbleed led to several high-profile hacks, perhaps the most infamous being when hackers found their way inside a hospital network and stole more than 4.5 million patient records, including their Social Security numbers.
