'Bash' Bug Threatens Security of OS X and Linux Users

 

canstock15239169Another day, another bug. Just a few months after correcting Heartbleed, researchers discover a new security flaw that exposes millions of users through the Apple, Linux,  Unix and Apache operating systems and servers. "Shellshock," as it's being called, could be even more widespread than Heartbleed, though the two are not similar vulnerabilities.

'Bash' &  Shellshock

In simple terms, 'bash' is a commonly used utility in each of the systems above which we now know contains a flaw that can be exposed by an attacker. Through exploiting this hole, a motivated hacker could potentially take control of an entire system.  And unfortunately, the bug has gone undetected for a very long time which will make it difficult to squash completely.

The Good News

Patches for Shellshock are already being pushed out for Linux, and OS X is expected to release one soon. The odds of Shellshock impacting you are probably pretty slim if you use standard security precautions.

How to tell if you're vulnerable

To test if your version of Bash is vulnerable to this issue, Red Hat says to run this command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system responds with the following, then you're running a vulnerable version of Bash and you should apply any available updates immediately.

  vulnerable

  this is a test

bash-640x360 2

H/T: The Verge, PC World, Mashable, Tryhunt.com

Topics: News

Have technology questions or want to learn more about how Tech Impact can help your nonprofit? Give us a call 1-888-798-1350 or browse our Technology Services For Nonprofits.


Tech Impact provides hands-on technology support to nonprofits. Learn More