A vulnerability has just been detected in the Bash Unix shell that is used by Mac OS X computers, Linux machines, and various other devices like routers. The Bash Bug, also known as “Shellshock,” has been rated a 10 out of 10 on the Common Vulnerability Scoring System scale that’s the tech industry standard for scoring security threats—the Heartbleed SSL vulnerability only ranked a 5.
Luckily, the exploit was discovered by an open source software company called Red Hat. They immediately reported it as a security problem, so as long as it’s patched quickly enough, it shouldn’t cause any trouble despite its severity. Basically, it works by running strings of text as commands that sneak in at the end of other commands, according to RedHat’s detailed explainer.
Manufacturers are already releasing software patches for affected devices, so try to make sure that all of your electronics are up to date. Bash is a text-based command processor, so the vulnerability would give someone who used it to gain access to your system a variety of nasty things they could use it for by running commands and installing software.
A lot of Linux distributions have already patched the bug, and you can take a look at a guide on LinuxNewsPro on how to update and properly patch your own system. But you probably already did that, because you’re using Linux and are undoubtedly a mega tech geek who knew about this bug the second the news broke.
If you’re on a Mac, you can check to see if the version of Bash you have installed is vulnerable by running a test command with a string of text after it and seeing if that text runs as well. It looks something like this:
If you’re not vulnerable, that command will return a warning and an error. Unfortunately, Apple hasn’t put out an official patch yet. There is a guide on how to update this yourself, but I’d recommend holding off for an official patch.
(via LifeHacker and Phys.org, image via Peter A. Shevstov)
- People who tried to look at leaked nudes got malware in hilarious turn of events
- A malware protection “placebo” app made a bunch of money by doing nothing
- Here’s how your body fights biological viruses
Are you following The Mary Sue on Twitter, Facebook, Tumblr, Pinterest, & Google +?
Published: Sep 25, 2014 05:40 pm