A vulnerability has been discovered within the widely used Bash software included on Linux and Mac operating systems, raising concerns about an exploit that some experts say stands to be more damaging than the Heartbleed bug identified earlier this year.
Researchers revealed on Wednesday this week that a bug has been spotted in Bash, a command-line shell developed in the 1980s and common to Linux and Unix systems, that may allow attackers to target computers and, if successful, run malicious code that could let them take control of entire servers on potentially millions of machines.
But while the so-called Heartbleed bug found in April allowed hackers to spy on vulnerable systems due to a previously undiscovered flaw in the open-source encryption software called OpenSSL, security experts already say that the Bash exploit, being referred to as “Shellshock,” is more severe because exploiting it could allow attackers to seize vulnerable systems by running unauthorized code that, in a worst-case scenario, gives them full privileges on the plundered machine.
“The method of exploiting this issue is also far simpler,” Dan Guido, chief executive of cybersecurity firm Trail of Bits, told Reuters on Wednesday this week of the differences. “You can just cut and paste a line of code and get good results.”
After Shellshock was identified by researcher Stephane Chazelas on Wednesday, the United States Computer Emergency Readiness Team, or US-CERT, acknowledged the severity of the issue by releasing a statement warning that “exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.”
“In other words, it allows the user to type commands into a simple text-based window, which the operating system will then run,” security company Symantec said of Bash in a warning on Thursday.
“Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera,” Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, told Reuters. “Anybody with systems using Bash needs to deploy the patch immediately.”