Submission   7,566

ADVERTISEMENT

Overview

The Shellshock Bug is a security flaw in the Unix Bash Shell which can be used by attackers to grant unauthorized access to computer systems, including Apple's Macintosh computers and smartphones running the Android operating system. After it was discovered in early September 2014, reports of hackers using the bug to create bot nets for DDoS attacks began widely circulating online.

Background

In 1987, programmer Brian Fox wrote the Bash Shell as a free piece of software which was subsequently used on a variety of computer operating systems, including GNU, Linux and Mac OS X. In 1992, Fox handed over Bash to programmer Chet Ramey, who maintained the software as a hobby. According to an interview with the New York Times,[1] Ramey speculates he may have introduced the Shellshock bug in a software update after taking control of Bash that year. On September 12th, 2014, Ramey was contacted by programmer Stephane Chazelas about a Bash security flawed he dubbed "Bashdoor." On September 24th, Seclist[2] mailing list member Florian Weimer started a thread about the discovery, noting an official upstream patch would be released soon. That day, Twitter user Andreas Lindh[4] posted a tweet referring to the bug as "Shellshock" (shown below).

Notable Developments

Compromised Machine Reports

By September 25th, reports began circulating that hackers were attempting to exploit the vulnerability with malware titled "Bashlite." That day, the software security company Kapersky Labs claimed three machines had been compromised and were carrying out DDoS attacks against various unidentified targets.[3] On September 26th, the network security company Incapsula reported that upwards of 17,000 attacks were being carried out against more than 1,800 web domains in the United States and China over the past 24 hours.[5]

Apple Statement

On September 26th, Apple released a statement informing Mac OS X users that the "vast majority" were not at risk to the being compromised by the bug:

"The vast majority of OS X users are not at risk to recently reported bash vulnerabilities… With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users."[6]

Search Interest

External References



Share Pin

Recent Images 1 total


Recent Videos 0 total

There are no recent videos.




Load 14 Comments
See more