Bash software bug could cause more damage than Heartbleed

hacking
- Advertisement -

A newly discovered security bug in a widely used piece of Linux software, known as Bash, could pose a bigger threat to computer users than the Heartbleed bug that surfaced in April, cyber experts have warned.

Bash is the software used to control the command prompt on many Unix computers. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said.

The Department of Homeland Security’s United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple’s  Mac OS X.

The Heartbleed bug allowed hackers to spy on computers but not take control of them, according to Dan Guido, chief executive of a cybersecurity firm Trail of Bits.
“The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results.”

Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned the bug was rated a “10” for severity, meaning it has maximum impact, and rated “low” for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.

“Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera,” Beardsley said. “Anybody with systems using Bash needs to deploy the patch immediately.”

US-CERT advised computer users to obtain operating systems updates from software makers. It said that Linux providers including Red Hat Inc (RHT.N) had already prepared them, but it did not mention an update for OS X. Apple representatives could not be reached.

Tavis Ormandy, a Google security researcher, said via Twitter that the patches seemed “incomplete.” Ormandy could not be reached to elaborate, but several security experts said a brief technical comment provided on Twitter raised concerns.

“That means some systems could be exploited even though they are patched,” said Chris Wysopal, chief technology officer with security software maker Veracode.

He said corporate security teams had spent the day combing their networks to find vulnerable machines and patch them, and they would likely be taking other precautions to mitigate the potential for attacks in case the patches proved ineffective.

“Everybody is scrambling to patch all of their Internet-facing Linux machines. That is what we did at Veracode today,” he said. “It could take a long time to get that done for very large organizations with complex networks.”

“Heartbleed,” discovered in April, is a bug in an open-source encryption software called OpenSSL. The bug put the data of millions of people at risk as OpenSSL is used in about two-thirds of all websites. It also forced dozens of technology companies to issue security patches for hundreds of products that use OpenSSL.

Bash is a shell, or command prompt software, produced by the non-profit Free Software Foundation. Officials with that group could not be reached for comment.

Reuters

- Advertisement -

Related Articles

OnePlus not launching OnePlus 8T Pro This Year

OnePlus CEO Pete Lau has confirmed that OnePlus 8T Pro will not launch in 2020. The announcement was made via a Weibo post where...

PUBG Mobile ban in India will not revoke by the government

It has been almost a month since the government banned the PUBG Mobile game in India. Many attempts by authorities are being made so...

What is SLED, how realme gave TV industries a new look with the help of this technology?

Realme has also made a strong place in the TV segment after smartphones. The company has used SLED technology in its TV segment which...

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Stay Connected

43,178FansLike
535FollowersFollow
45,700SubscribersSubscribe

Latest Articles

OnePlus not launching OnePlus 8T Pro This Year

OnePlus CEO Pete Lau has confirmed that OnePlus 8T Pro will not launch in 2020. The announcement was made via a Weibo post where...

PUBG Mobile ban in India will not revoke by the government

It has been almost a month since the government banned the PUBG Mobile game in India. Many attempts by authorities are being made so...

What is SLED, how realme gave TV industries a new look with the help of this technology?

Realme has also made a strong place in the TV segment after smartphones. The company has used SLED technology in its TV segment which...

PUBG Mobile will not return to India, PUBG Mobile Ban in India Permanent for now

PUBG News: Several Chinese apps were banned by the Indian government, including the popular Battle Royal game PUBG Mobile. The game had a large...

Samsung Galaxy A42 5G may be launch with the latest Snapdragon 750G processor, the report reveals

Samsung's upcoming smartphone Samsung Galaxy A42 5G has been in the discussion for a long time. Recently...