New bug worse than Heartbleed

Security experts are flagging a new bug in Bash, a type of popular Linux software, saying it could be more dangerous to users than Heartbleed.

Bash, which is used to control the command prompt on Unix computers, contains a bug that would allow hackers to take over a system. Built by the Free Software Foundation, a non-profit organization, the software was designed for users to initiate command prompts.

While Heartbleed was widespread and sparked headlines in the news, the vulnerability in Bash is considered riskier as Heartbleed only allowed attackers to spy on users through their computers, according to a story published today in the Financial Post.

What you need to know:

– It’s not just security experts who have issued warnings about the bug in Bash. The United States Computer Emergency Readiness, a branch of the U.S. Department of Homeland Security, has sent out an alert about the bug, which could affect anyone using Linux or Apple Inc.’s Mac OS X. The department has since told consumers to install operating systems updates. While Red Hat Inc. has reportedly already built them for Linux, Apple has yet to create one for Mac OS X.

– It’s even easier to exploit the vulnerability in Bash than it was for hackers to take advantage of Heartbleed, one security expert says. Dan Guido, chief executive of Trail of Bits, was quoted in the Financial Post as saying using this vulnerability is as easy as a quick copy-and-paste job.

– The vulnerability in Bash could be a headache for a lot of companies, as IT administrators will be scrambling to patch computers that run Linux or Mac OS X and that also access the Internet. For larger organizations, that task could take some time to finish.

– Even if companies patch their Linux and Mac OS X machines for the vulnerability, there’s still a fear out there that the patches aren’t enough, and that hackers could still find ways to exploit the bug. That means companies may need to consider another way to protect their systems, on top of issuing patches.

 

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now