A new security bug has been found recently, and it is as big as Heartbleed, a bug discovered a few months back. This safety bug is called ‘Shellshock’ and it is revealed in a common program that runs on Linux and UNIX operating systems. The range of this bug is quite big and now that hackers are aware of this, it could lead to severe safety risks for many users. Not since Heartbleed, we have seen such a safety bug operate on such a big scale.
What is Shellshock?
Shellshock is a security weakness seen in Bash. Bash is a command shell that is basically used on UNIX and Linux operating systems and it has been present since 1989. Disturbingly, Shellshock has been around for more than 20 years now and it is yet unidentified if it was unintentionally developed by the developer. Just like Heartbleed, Shellshock seems to have been present there for a long time and has been unidentified by several security audits.
How does Shellshock work within it and what is Bash?
Shellshock is what is basically termed as Remote Code Execution (RCE) weakness within Bash. Just like we have the Command Prompt on Windows, UNIX and Linux have the command shell known as Bash. It helps the user run other applications within the system and Bash simply defines “Bourne Again Shell”.
Using the Shellshock weakness, an attacker can affect desktops using a method known as command injection. Through this method, Shellshock can run a program on Bash without allowing the user and without logging on to the PC itself. Since Bash runs multiple applications in the background, all the hackers needs to do is ensure that his malicious code is not spotted. Safe looking data contains infected code that gets executed in this situation.
Who is susceptible to Shellshock?
Bash is normally used in Apple’s OS X operating system. As well, it is also available in numerous web-servers and home appliances like the routers and other devices which use the Internet. This leads to further issues as updates for these gadgets are not simple to acquire or execute. As a result, Shellshock could simply disrupt various services and homes.
With Heartbleed, a hacker could only steal data saved in the memory of devices. But, with Shellshock, it can gain full access of the device. Hence the possible risk here is far greater.
Are Microsoft Windows users also susceptible to Shellshock?
Till now, users of Linux, UNIX and Apple Macs based devices are susceptible to Shellshock and the Bash susceptibility. Windows users are not directly susceptible to the same. But, attackers are working on ways to make use of this weakness against Windows users as well. So it is highly suggested that Windows users keep their OS and safety software totally updated at all times.
So what is the solution for Shellshock?
There are numerous programs and methods that stop command injection. But, the difficulty is that no one exactly knows what instructions to look for as hackers can mask it well. Placing a few words of infected code within thousands of lines is very simple, and pinpointing it is like finding a needle in a haystack. User can simply go for Computer Optimizer, to get some sort of protection from Viruses.
The best solution here is for Bash to be updated by the people who use it. If there are any other vendor-specific updates obtainable, they should be started as well.