Latest in Bash

Image credit:

The Shellshock command security flaw isn't really fixed yet

Jon Fingas, @jonfingas
September 28, 2014
107 Shares
Share
Tweet
Share

Sponsored Links

Don't get too comfy just because companies are rolling out patches for the Shellshock security bug -- as it turns out, even updated websites and devices remain at risk. Developers are reporting that they can still run any code they like (and thus hijack systems) through the bash command shell simply by using instructions that aren't covered by existing safeguards. You can use a common variable like "cat" (concatenate) to bypass the defenses, for instance. The only surefire fix may be a fundamental change to how the shell handles variables, which could break legions of apps and services. You still don't have much reason to worry about your home Mac or Linux PC, but it's now considerably less likely that the sites and connected gadgets you use will will be truly immune to Shellshock-based attacks.

[Image credit: Robert Graham, Twitter]

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
107 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Alleged Twitter hacker was previously caught stealing a fortune in Bitcoin

Alleged Twitter hacker was previously caught stealing a fortune in Bitcoin

View
A $13,000 electric car will go on sale in the US by late 2020

A $13,000 electric car will go on sale in the US by late 2020

View
Tesla is reportedly close to making a more affordable Model Y

Tesla is reportedly close to making a more affordable Model Y

View
Pixel 4a review: The best $350 phone

Pixel 4a review: The best $350 phone

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr