Heartbleed? Wait until you see this – A potentially far greater destructive security hole threatens huge amount of devices running UNIX-based operating systems, including Mac OSX!
Although we could relax a bit after the Heartbleed loophole story, the information security market is again windy and stormy over the past few days. Could it be that one of today’s most popular tools in the world is also one of the most threatening security information throughout the world?
It turns out that recently there have been many scans throughout the internet that aim to find a bug named Shellshock, which originates from the Bash shell command line (an acronym for Born Again Shell).
This shell is used for interpreting and translating commands from the user to the operating system and is included as a free tool built by the open source community in UNIX-based operating systems. In the potential victims we can find the free operating system – Linux, on all its variety of different distributions, and even Apple’s OSX, which so far emerged as one of the most immune operating system against security holes.
So what is the problem exactly?
Shellshock allows attackers to remotely execute malicious code on a variety of systems, such as web servers, routers, or any other device that uses Bash’s version that contains the faulty code. All the attackers need to do is to inject their own malicious code into the environment of the operating system through a CGI script or OpenSSH. When a certain process uses Bash, the malicious code is executed and the breach is successfully completed. Distributers of different Linux versions have already pushed the necessary amendments to the users, including Red Hat, Ubuntu, Fedora, CentOS and others. It looks like the Shellshock bug has been around for more than 22 years and apparently has been used quite a few times in history, but was discovered and published only in the last few days.
The biggest concern is about devices that are much harder to update, such as mobile phones running some old versions of the Android operating system and even components that are used daily by the average user, such as security cameras and refrigerators. It is estimated that the Bash shell which contains the disturbing bug exists on more than 100 million devices worldwide.
So what do you need to do in order to be protected from this fearsome Shellshock?
Well, if you’re a Linux user, you probably already received the appropriate update onto your computer by the appropriate distribution.
If you have a Mac and OSX, so far Apple has not released any response to the matter, but we encourage you to be on alert with the mouse cursor on the updates tab in Mac App Store in order to be ready when Apple releases an update for the breach.
In any case, it is better not to run programs downloaded from unknown sources, and take caution where possible, so that your computer will not turn into another machine enlisted by some Shellshock hacking team.