Remember that computer vulnerability dubbed the Heartbleed bug discovered earlier this year, which security specialists said could put about two thirds of all websites at risk of being hacked? Well, now there’s something even worse, they say. It’s called Bash and the Department of Homeland Security’s U.S. Computer Emergency Readiness Team says it can allow crooks to remotely take control of widely used Unix-based operating systems, such as Linux and Mac OS X.
Security researchers have discovered a vulnerability in the system software used in millions of computers, opening the possibility that attackers could execute arbitrary commands on web servers, other Linux-based machines and even Mac computers. Some researchers say Shellshock, which affects an application called Bash (which is why it’s often simply called the “Bash Bug”), is potentially more serious and widespread than the Heartbleed bug discovered in April, though the two vulnerabilities are quite different in nature. Unlike Heartbleed, which forced users to change their passwords for various Internet services, Shellshock doesn’t appear to have any easy solutions for average users right now. In most cases, it will be up to system administrators and software companies to issue patches.