Latest in Bash

Image credit:

The Shellshock command security flaw isn't really fixed yet

107 Shares
Share
Tweet
Share
Save

Sponsored Links

Don't get too comfy just because companies are rolling out patches for the Shellshock security bug -- as it turns out, even updated websites and devices remain at risk. Developers are reporting that they can still run any code they like (and thus hijack systems) through the bash command shell simply by using instructions that aren't covered by existing safeguards. You can use a common variable like "cat" (concatenate) to bypass the defenses, for instance. The only surefire fix may be a fundamental change to how the shell handles variables, which could break legions of apps and services. You still don't have much reason to worry about your home Mac or Linux PC, but it's now considerably less likely that the sites and connected gadgets you use will will be truly immune to Shellshock-based attacks.

[Image credit: Robert Graham, Twitter]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
107 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget’s guide to Home Entertainment

Engadget’s guide to Home Entertainment

View
Nubia’s $529 dual-screen phone is now available in the US

Nubia’s $529 dual-screen phone is now available in the US

View
Leaked 'Fortnite' Chapter 2 trailer showcases a new map and boats

Leaked 'Fortnite' Chapter 2 trailer showcases a new map and boats

View
Microsoft starts inviting people to try Project xCloud

Microsoft starts inviting people to try Project xCloud

View
Twitter temporarily banned pro-Trump meme creator Carpe Donktum

Twitter temporarily banned pro-Trump meme creator Carpe Donktum

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr