Latest in Bash

Image credit:

'Bash' command flaw leaves Linux, OS X and more open to attack

Share
Tweet
Share
Save

Sponsored Links

Apparently, the internet has more deep-seated security bugs to worry about than Heartbleed. Researchers have discovered a longstanding flaw in a common Unix command shell (bash) for Linux and Macs that lets attackers run any code they want as soon as the shell starts running. They can effectively get control of any networked device that runs bash, even if there are limits on the commands remote users can try. That's a big problem when a large chunk of the internet relies on the shell for everyday tasks -- many web servers will call on it when they're running scripts, for example.


There are already patches for multiple Linux variants (CentOS, Debian, Redhat), and big internet services like Akamai have already taken action. However, the age and sheer ubiquity of the exploit means that there are some older servers and other internet-connected devices that won't (and in some cases, can't) be fixed. In other words, there's a chance that everything from poorly maintained websites to your home security camera will remain vulnerable. Some devices will be protected, however, as security researcher Paul McMillan notes that many embedded devices "use BusyBox, which is not vulnerable." It's unlikely that hackers will breach many of the major sites you visit thanks to their quick responses to the flaw, and many of your existing gadgets are probably safe. Having said this, it's hard to know exactly how far reaching the damage may be -- it could take years before there's no longer a significant threat.

[Image credit: Robert Graham, Twitter]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
How to find Apple deals this Black Friday

How to find Apple deals this Black Friday

View
Weber embraces modern grilling with a WiFi-enabled pellet model

Weber embraces modern grilling with a WiFi-enabled pellet model

View
Watch the first trailer for HBO's 'Avenue 5' sci-fi space comedy

Watch the first trailer for HBO's 'Avenue 5' sci-fi space comedy

View
John Legere is stepping down as T-Mobile CEO next April

John Legere is stepping down as T-Mobile CEO next April

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr