Latest in Bash

Image credit:

The Shellshock command security flaw isn't really fixed yet

Jon Fingas, @jonfingas
September 28, 2014
Share
Tweet
Share

Sponsored Links

Don't get too comfy just because companies are rolling out patches for the Shellshock security bug -- as it turns out, even updated websites and devices remain at risk. Developers are reporting that they can still run any code they like (and thus hijack systems) through the bash command shell simply by using instructions that aren't covered by existing safeguards. You can use a common variable like "cat" (concatenate) to bypass the defenses, for instance. The only surefire fix may be a fundamental change to how the shell handles variables, which could break legions of apps and services. You still don't have much reason to worry about your home Mac or Linux PC, but it's now considerably less likely that the sites and connected gadgets you use will will be truly immune to Shellshock-based attacks.

[Image credit: Robert Graham, Twitter]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

AOC's 'Among Us' Twitch stream peaked at over 435,000 viewers

AOC's 'Among Us' Twitch stream peaked at over 435,000 viewers

View
LG's rollable OLED TV goes on sale for $87,000

LG's rollable OLED TV goes on sale for $87,000

View
Cyberpunk 2077's dialogue was lip-synced by AI

Cyberpunk 2077's dialogue was lip-synced by AI

View
iPhone 12 and 12 Pro review: Apple enters the 5G era

iPhone 12 and 12 Pro review: Apple enters the 5G era

View
'Pokémon Go' gets AR Mapping tasks to enable more realistic effects

'Pokémon Go' gets AR Mapping tasks to enable more realistic effects

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr