New bug in Linux and Mac OS X could be worse than Heartbleed

Security experts are flagging a new bug in Bash, a type of popular Linux software, saying it could be more dangerous to users than Heartbleed.

Bash, which is used to control the command prompt on Unix computers, contains a bug that would allow hackers to take over a system. Built by the Free Software Foundation, a non-profit organization, the software was designed for users to initiate command prompts.

While Heartbleed was widespread and made headlines, the vulnerability in Bash is considered riskier: Heartbleed only allowed attackers to spy on users through their computers, whereas the Bash bug would allow them to take over a system, according to a story published today in the Financial Post.

What you need to know:

– It’s not just security experts who have issued warnings about the bug in Bash. The United States Computer Emergency Readiness, a branch of the U.S. Department of Homeland Security, has sent out an alert about the bug, which could affect anyone using Linux or Apple Inc.’s Mac OS X. The department has since told consumers to install operating system updates. While Red Hat Inc. has reportedly already built updates for Linux, Apple has yet to create one for Mac OS X.

– It’s even easier to exploit the vulnerability in Bash than it was for hackers to take advantage of Heartbleed, one security expert says. Dan Guido, chief executive of Trail of Bits, was quoted in the Financial Post as saying that using this vulnerability is as easy as a quick copy-and-paste job.

– The vulnerability in Bash could be a headache for a lot of companies, as IT administrators will be scrambling to patch computers that run Linux or Mac OS X and that also access the Internet. For larger organizations, that task could take some time to finish.

– Even if companies patch their Linux and Mac OS X machines for the vulnerability, there is still a fear that the patches aren’t enough and that hackers could still find ways to exploit the bug. That means companies may need to consider another way to protect their systems, on top of issuing patches.

Candice So
Candice is a graduate of Carleton University and has worked in several newsrooms as a freelance reporter and intern, including the Edmonton Journal, the Ottawa Citizen, the Globe and Mail, and the Windsor Star. Candice is a dog lover and a coffee drinker.
