"Shellshock" – a Critical Bug in Bash Could be Worse than Heartbleed

Security professionals all over the world are currently battling a major security flaw discovered in Bash, a program installed on millions of computers running Unix-based operating systems, such as many Linux distributions, as well as Macs. The vulnerability is tracked as CVE-2014-6271, nicknamed Shellshock, and was discovered by Stéphane Chazelas.

Whether a Unix-based system is actually vulnerable is determined by the way it invokes Bash. For example, many web servers invoke it in an unsafe way and are affected as a result. Macs, PCs running Windows, and even Android devices are seemingly safe.

What can this vulnerability be used for?

Hackers could use it to gain remote control of a vulnerable server, steal data, bring down a website, and more. Malware exploiting Shellshock has already appeared as well. It’s likely hackers will create botnets out of the vulnerable computers.

How can you protect yourself? 

Generally speaking, you cannot. That is, until this vulnerability is patched. An emergency patch has been released, but it is only a partial fix pending the official full version.