A security hole has been discovered in Bash that jeopardizes the security of Linux and Mac users. This vulnerability, dubbed ‘Shellshock’, affects the command interpreter in these operating systems.
So what does this mean? To give you an idea, this flaw could allow a cyber-criminal to remotely access a system using Bash and insert spyware designed to steal confidential information or even take control of the system.
The hole was discovered by Stephane Schazeblas and it would appear that it is more serious than Heartbleed, the vulnerability discovered in the OpenSSL library last April. According to the CVSS rating of the security hole, Shellshock has a score of 10, while Heartbleed was rated 5.
What can you do to protect yourself from the Bash vulnerability? Update your software and keep your operating system up-to-date.
*** Update
A thorough investigation carried out by Panda Security shows that GateDefender appliances are not affected. The way the GateDefender credentials and the operating system are designed make it safe.
The bash command shell built-in in GateDefender is reserved for system service use only and is not available to public users.
Despite this and for preventive purposes only, Panda Security is working on the patches addressing this bash vulnerability and to provide them as soon as possible.
* Many thanks to our colleague from Critical Malware, Daniel Garcia, for his help.