contador web Skip to content

Security flaw discovered that targets Unix-based operating systems, including OS X

Remember the Heartbleed bug? Now we have another big flaw to worry about, called Shellshock.

Basically, Shellshock a bug in Bash (a shell command interpreter widely used in Unix-based operating systems, such as OS X and Linux) which allows malicious people to run code as soon as an open program. That is, if the shell open it is possible to run a malicious code.

The curious thing is that the failure is very old and we, OS X users, are unprotected. To see if your Mac is vulnerable, just open the Terminal (use Spotlight or locate it in the / Applications / Utilities / folder) and enter the following command:

(code lang = ”cpp”) env x = '() {:;}; echo vulnerable ’bash -c‘ echo hello '(/ code)

Shellshock

Most likely the response to the command is vulnerable, as in the image above.

Several Linux variants (such as Red Hat, CentOS, Ubuntu, Debian and Fedora) have corrections, although they do not solve the problem completely. Large server companies, such as Akamai, have also taken action. In our case (OS X users), we have to wait for Apple to release a security update. The problem is that, due to the age and extent of the failure, many older servers and devices connected to the internet (cameras, routers, etc.) simply should not or may not even receive a correction; those using BusyBox are protected, as it uses a shell different.

Some experts are saying that the flaw is as big or even bigger than Heartbleed, and that the thing is so widespread that it will be difficult to correct everything.

(via Engadget)