‘Deadly serious’ new vulnerability found – “Shellshock”

 A “deadly serious” bug has been discovered that could potentially affect hundreds of millions of computers, servers and devices.

The bug, dubbed “Shellshock” is a flaw that has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple’s Mac operating system.

Researchers say that it can be used to remotely take control of almost any system using Bash and some experts say it is more serious than Heartbleed, discovered in April.

“Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system,” Prof Alan Woodward, a security researcher from the University of Surrey, told the BBC.

“The door’s wide open.”

Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.

The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.

Read more: http://www.bbc.co.uk/news/technology-29361794