TMCnet News

'Bash' computer bug could hit millions of Macs, technologists warn [China Daily: Hong Kong Edition]
[September 30, 2014]



(China Daily: Hong Kong Edition Via Acquire Media NewsEdge) The US government and technology experts warned on Thursday of a vulnerability in some computer-operating systems, including Apple's Mac OS, which could allow widespread and serious attacks by hackers.



The flaw affects "Unix-based operating systems" powered by Linux and Apple's Mac OS, said the warning from the US Computer Emergency Readiness Team, part of the Department of Homeland Security.

CERT said that if hackers exploit this, they could take control of a computer.


"Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system," it said.

The agency said a patch was available for the flaw, which is described by security researchers as "Bash" or "Shellshock." Some said the security hole would be more damaging than the "Heartbleed" bug that affected millions of computers worldwide earlier this year.

'Bigger than Heartbleed'

"This is going to be much bigger than Heartbleed," said Rahul Kashyap, chief security architect at Bromium Labs, a California-based security firm.

Kashyap said the Bash bug could affect millions of devices, from Web servers to Macintosh computers to webcams that connect to the Internet using open-source operating systems based on Linux.

Because the software is so prevalent, "it means attackers can get into your house, your home routers", Kashyap said.

"They could deface a lot of websites on the fly. A lot of damage can be done, and it's a very simple code."

Even though no exploiting of the flaw was seen in the first hours since the vulnerability was made public, Kashyap said he expects "a huge impact in the next few days."

Independent security consultant Graham Cluley agreed that if hackers create a worm that exploits the flaw, "it would, without question, make the Bash bug a more serious threat than the Heartbleed OpenSSL bug that impacted many systems earlier this year."

While Heartbleed let unauthorized parties spy on computers, "the Shellshock Bash bug allows attackers to hijack computers, and use them for their own purposes," Cluley said in a blog post.

'Staggering' potential

Gavin Millard at the security firm Tenable also expressed concern about the scope and danger of the flaw.

"The potential for attackers utilizing Shellshock is huge," he said.

"With millions of Unix and Linux servers being vulnerable and running Web services that hackers can connect to, the attack surface is staggering."

Johannes Ullrich at the SANS Internet Storm Center said people using affected systems "should try to implement additional measures" which could include beefed-up firewalls or other software changes.

(China Daily 09/27/2014 page11) (c) 2014 China Daily Information Company. All Rights Reserved. Provided by SyndiGate Media Inc. (Syndigate.info).
