It was revealed that Red Hat security researchers had uncovered a huge exploit in the `Bash’ command shell found in OS X and Linux named `Shellshock’ by security experts wherein the exploit enables hackers to gain access through web connected devices and service with the use of malicious code.
The exploit which was called `as big as Heartbleed’, by Robert Graham, security researcher was referring to a flaw which was discovered earlier this year in the well-known open source software OpenSSL that had affected the internet by 66% .
Apple had informed that Hearbleed had not affected its software or key services and had also released updated for AirPort Extreme as well as Time Capsule assuring users that they would be fixing the Bash exploit issue at the earliest.
Shellshock Enabling Access to Hackers
Bash being the software in controlling the command prompt on several Unix computers,can be exploited to take total control of the system. Linux is used to everything and the bug could affect Windows, Android and IBM machines.
According to the Director of Cyber at Warwick University, Professor Tim Watson, he informed MailOnline stating that `the impact could be very severe and it’s not overstating it to say that it’s a more serious bug than Heartbleed’.
He further continued saying that `the primary way this is going to be exploited is through the web; a hacker could use the bug to place malicious things on the website or steal information like banking details.
The bug going by the name Shellshock could also allow potential hackers in gaining accessing to every internet enabled device which could be used in the user’s home with the use of something as a smart lightbulb.The danger with regards to this is that no sooner it gains access to an internet connected device; it could jump onto others which include smart locks which can open locked doors.
Software Update for OS X
Apple has been aware of this recent discovered bash exploit named Shellshock and is striving to work quickly in providing a software update for OS X, which is the operating system running on the Mac. As per Apple spokesperson conveyed to iMore is that the vast majority of OS X users would not be at risk to the recent reported bash exploit.
Bash, is a Unix command shell and language that is included in OS X, has a weakness in enabling unauthorized users to gain control of vulnerable systems, remotely. Systems are safe by default with OS X and are not exposed to remote exploits of bash unless they tend to configure advanced Unix services.
Apple is working on ways to provide a software update for users of advanced Unix services. Most of Linux and Unix based operating systems including OS X, across the globe have been affected by the exploit and millions of computers as well as embedded devices will be needed to be updated at the earliest.
If a user is advanced enough in enabling the types of service that can be exploited by Shellshock then there is a chance of turning those services off temporarily or patch bash using Xcode.For others, they could stay informed with updates to understand that there is no high level risk at this point.