New Bash software bug may pose bigger threat than Heartbleed
A newly-discovered security bug in a widely used piece of Linux software, known as Bash, could pose a bigger threat to computer users than the Heartbleed bug that surfaced in April, cyber experts have warned.
Bash is the software used to control the command prompt on many Unix computers.
Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said.
The US Department of Homeland Security's United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple Inc's Mac OS X.
The Heartbleed bug allowed hackers to spy on computers but not take control of them, according to Dan Guido, chief executive of cybersecurity firm Trail of Bits.
"The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results," he said.
Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a "10" for severity, meaning it has maximum impact, and rated "low" for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.
"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," he said.
"Anybody with systems using Bash needs to deploy the patch immediately."
US-CERT advised computer users to obtain operating system updates from software makers.
It said that Linux providers including Red Hat Inc had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached
New Bash software bug may pose a bigger threat than Heartbleed
Please call for more information or if we can help you with anything else.
Computer Doctor
Suite 1, Ground Floor Surfers Plaza Resort,
70 Remembrance Drive,
Surfers Paradise. Qld 4217
Ph: 07 55924733
Fax: 07 55924761
Email:
This email address is being protected from spambots. You need JavaScript enabled to view it.
Web: www.computerdoctor.com.au