Author Topic: Shellshock: Apple / Linux vulnerability  (Read 3405 times)

0 Members and 1 Guest are viewing this topic.

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35167
Shellshock: Apple / Linux vulnerability
« on: Thursday, 25 September, 2014 @ 15:00:02 »
Quote
Shell Shock: Bash bug labelled largest ever to hit the internet

A new security vulnerability found in everything from iPhones and laptops to light bulbs and web cameras has been dubbed by security experts as worse than Heartbleed, the bug found earlier this year that affected almost every device.

Using the exploit, a hacker could take control of a device — such as a web camera or web server — and steal information from it, like live imagery or credit card information.

Robert Graham, a security consultant at Errata Security who has been monitoring the bug... said there was not much consumers could do but ensure their home routers' firewalls were correctly configured to stop hackers from exploiting vulnerable devices on their networks.

The US Department of Homeland Security's United States Computer Emergency Readiness Team, or US-CERT, issued an alert about the bug.

It said Apple's desktop and laptop operating system was vulnerable, as well as many other Linux-based systems.

The US Department of Homeland Security's United States Computer Emergency Readiness Team, or US-CERT, issued an alert about the bug.

It said Apple's desktop and laptop operating system was vulnerable, as well as many other Linux-based systems.

The Australian government's CERT Australia, which helps protect critical infrastructure in Australia as well as businesses, also issued an alert late on Thursday evening.

The federal government's Stay Smart Online alert service for consumers issued a warning too, which says consumers should ensure software updates are applied to their systems and devices when they become available.
http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html


Quote
Shellshock: 'Deadly serious' new vulnerability found

A "deadly serious" bug potentially affecting hundreds of millions of computers, servers and devices has been discovered.

The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.

The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.

Experts said it was more serious than the Heartbleed bug discovered in April.

Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.
http://www.bbc.com/news/technology-29361794


Quote
The severity of Shellshock has been recognized by even the US government, with the US Department of Homeland Security releasing a warning about the bug and providing patches to fix affected servers.

Despite this, security experts have said that the affect of Shellshock will be minimal. “Of the top 10 ways hackers will hack computers this year, this won't make the list.”
http://www.independent.co.uk/life-style/gadgets-and-tech/shell-shock-bash-bug-bigger-than-heartbleed-could--undermine-security-of-millions-of-websites-9754720.html


If you're using an Apple Mac or Linux PC you can check if it's vulnerable to Shellshock, see http://grahamcluley.com/2014/09/shellshock-bash-bug-test/


So far as I can make out, fixes are available (via downloading the latest updates) for the latest versions of Ubuntu and Linux Mint, not yet for Apple devices.