IT World Canada

New bug worse than Heartbleed

Security experts are flagging a new bug in Bash, a type of popular Linux software, saying it could be more dangerous to users than Heartbleed.

Bash, which is used to control the command prompt on Unix computers, contains a bug that would allow hackers to take over a system. Built by the Free Software Foundation, a non-profit organization, the software was designed for users to initiate command prompts.

While Heartbleed was widespread and sparked headlines, the vulnerability in Bash is considered riskier, according to a story published today in the Financial Post: Heartbleed only allowed attackers to spy on users through their computers, while the Bash bug would allow them to take over a system.

What you need to know:

– It’s not just security experts who have issued warnings about the bug in Bash. The United States Computer Emergency Readiness Team, a branch of the U.S. Department of Homeland Security, has sent out an alert about the bug, which could affect anyone using Linux or Apple Inc.’s Mac OS X. The department has since told consumers to install operating system updates. While Red Hat Inc. has reportedly already built them for Linux, Apple has yet to create one for Mac OS X.

– It’s even easier to exploit the vulnerability in Bash than it was for hackers to take advantage of Heartbleed, one security expert says. Dan Guido, chief executive of Trail of Bits, was quoted in the Financial Post as saying that exploiting this vulnerability is as easy as a quick copy-and-paste job.

– The vulnerability in Bash could be a headache for a lot of companies, as IT administrators will be scrambling to patch computers that run Linux or Mac OS X and that also access the Internet. For larger organizations, that task could take some time to finish.

– Even if companies patch their Linux and Mac OS X machines for the vulnerability, there’s still a fear out there that the patches aren’t enough, and that hackers could still find ways to exploit the bug. That means companies may need to consider another way to protect their systems, on top of issuing patches.

 
