Earlier this year, a security vulnerability called Heartbleed made the headlines. According to reports at the time, the vulnerability was so bad that security researchers believed it could have affected as many as two-thirds of the internet. Unfortunately, it looks like a new bug has been discovered that could possibly put Heartbleed to shame.
The security team at Red Hat (via The Verge) has discovered a dangerous bug in the Bash shell, which is one of the more widely used utilities in Linux. The bug has since been named the Bash bug, or Shellshock, and what makes it especially bad is that it has apparently been around for a long time.
What this means is that hackers who knew about the bug could have been exploiting it for a while now without anyone knowing. We suppose the upside is that it is better late than never, right? What makes the bug dangerous is that, when exploited correctly, it allows an attacker’s code to be executed as soon as the Bash shell is invoked, leaving the user open to all sorts of attacks.
Red Hat and Fedora have since released patches for the bug, although it has also been noted that Apple’s OS X platform is vulnerable to the bug as well. According to Errata Security’s Robert David Graham, “An enormous percentage of software interacts with the shell in some fashion. We’ll never be able to catalogue all the software out there that is vulnerable to the bash bug.”