The latest security vulnerability was uncovered last week, and the effects have been compared to the Heartbleed bug from earlier this year. This new bug, which is being referred to as 'Shellshock', has been uncovered in a commonly used piece of software called Bash.
Both Apple and Oracle are scrambling to release a fix for their users. Apple says that the majority of its users are not impacted by the bug; only its advanced users should be concerned. I was surprised to see an alert from GoDaddy related to my web hosting accounts early Saturday morning, stating that this bug may be affecting some of its hosting accounts.
Bash was created in 1987, and has been maintained by a software developer named Chet Ramey for the last 22 years. Mr. Ramey thinks that the vulnerability may have been introduced back in 1992 - 22 years ago. This bug is considered to be of high impact - hackers have the potential ability to entirely take over another machine. Additionally, it is considered to be a relatively easy bug to exploit.
As of today, patches have been released to help remove the vulnerability. If you utilize any Linux or Unix related systems, you should definitely make sure that your software is up-to-date. You should also be mindful of any hardware updates that may come up in the near future, such as for routers. Windows users shouldn't have anything to worry about, as the bug doesn't affect this system.
As soon as the bug was announced, hackers began to take advantage of the flaw. The patches truly couldn't come soon enough for many users. Most of these attacks have been denial-of-service attacks. While most larger companies are developing fixes and patching their systems, the concern is that smaller companies may not do the same as quickly.
A vulnerability such as this just goes to show you that no piece of software is safe; and the effects of one can be fast and widespread. Even software that was created nearly 30 years ago can be exploited.
No comments:
Post a Comment