The security team at Red Hat has uncovered a new and very dangerous security flaw in the Bash shell that leaves open a huge security loophole, which any hacker can use to gain access to any software installed on a computer.
The new bug, called ‘Bash Bug’, is said to be a disaster for every company that deals with internet connectivity and devices like IP cameras or small-scale web hosts. The bug allows any potential hacker to use the Bash shell, available on PC via CMD or on Mac via the Terminal application, to take control of the OS and access any information stored on the computer.
The Bash shell is very common, and the majority of programs running on an OS use it to execute tasks in the background. The bug can be triggered by just entering some extra lines of code in the Bash code of any application or program that uses the Bash shell. Security expert Robert Graham said,
“We’ll never be able to catalogue all the software out there that is vulnerable to the Bash bug. While the known systems (like your Web server) are patched, unknown systems remain unpatched. We see that with the Heartbleed bug: six months later, hundreds of thousands of systems remain vulnerable.”
According to him, the number of systems and software applications that need to be patched to defend against this ‘Bash Bug’ is far greater than the number that had the Heartbleed bug. He also said that more than half a million websites that are live on the internet are vulnerable to this bug.
After a scan was conducted to test internet vulnerability, Graham found that the bug can easily bypass any firewall or antivirus software installed on a system and can affect many more systems in the network.