'Bash' Bug Could Be Bigger Than Heartbleed
Almost six months after the Heartbleed bug was discovered, another security flaw has been uncovered. And the "Bash bug" has the potential to be even more dangerous.
The 25-year-old security vulnerability is based in the "Bash shell," a program that controls the command prompt and is used for many simple tasks on your computer, like opening an application. The "Bash" or "Shellshock" bug affects computers running Unix and Linux devices, as well as hardware running Mac OS X, reports CNET.
The bug is triggered when a hacker adds extra code to lines of Bash code, allowing him or her to potentially take control of your device and access your private information. The hack is reportedly low complexity, which could be catastrophic when paired with the wide range of devices in danger. The National Vulnerability Database ranks the bug a 10 out of 10 in terms of severity, so it really can't get much worse than this.
Since Bash is so widely used in operating systems, a huge volume of devices are likely to be vulnerable to the bug. Especially at risk are "Internet-of-Things" devices, which often use software built from web-enabled bash scripts and are less likely to be patched than a laptop. Without patching something like your home security system or a light bulb that is connected to your network, the bug can allow hackers to access everything behind your firewall.
Also at risk are older devices. Since the security flaw has been around for a quarter of a century, there will be many vulnerable devices that likely won't be patched, putting users' entire networks at risk.
Users have been advised to patch their operating systems ASAP. Keep an eye out for available updates that fix the vulnerability, and download as soon as they are available.