Shellshock bug: what is it and how can I protect myself?
Some experts say that the Shellshock bug could be more serious than Heartbleed and could compromise up to 500m computers worldwide
Security researchers have discovered a "deadly serious" bug called Shellshock which could allow hackers to take control of hundreds of millions of computers and web servers.
Just six months after the Heartbleed Bug caused panic among internet users, prompting many to change their passwords online, security researchers have uncovered another flaw that exists in some of the world's most popular computer software.
The newly identified Shellshock vulnerability, also known as the Bash bug, affects computer code found in Apache web servers and Apple's Mac OS X software.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Reuters says that Shellshock has the potential to cause more damage than Heartbleed because it allows hackers to gain complete access to an infected machine, which could let them not only to steal data but also alter or destroy information, attacking websites and even shutting down some networks.
Who will be affected?
The computer program Bash (explained below) exists on many computers that run an older operating system called Unix. Many Apple computers use Bash, as do a lot of web servers, but not every computer that runs Bash will be susceptible to the Shellshock bug. According to Vox, Apple MacBooks "don't seem to be running services that use Bash in an unsafe way, [so] they are probably not vulnerable to hacks from across the internet." However, experts believe that many of Apple's desktop iMac computers could be affected.
Most Microsoft software doesn't use Bash, so Windows-based PCs will be safe and, Vox says, Android-based systems are also likely to be unaffected.
Many experts think that the most likely target will be web servers running Apache software, the International Business Times says. This is "a big problem", the website says, given that up to 60 per cent of the web servers use Apache.
What is Bash?
Bash stands for Bourne Again Shell. It is basically a computer program that allows users to type in commands, which the computer will then carry out. Bash came into use in the 1980s and although the vulnerability has only recently been discovered, it has been around for 25 years.
How can I protect myself?
Unfortunately, there is not a whole lot you can do. Vox advises that Mac users keep an eye out for an update to their software and install it as soon as possible. In the meantime, it might be a good idea to avoid logging in to untrusted wifi networks, such as coffee shops. For the most part, though, the problem does not affect servers rather than individual computers "so most of the heavy lifting needs to be done by security professionals, not the rest of us".
Sign up for Today's Best Articles in your inbox
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
-
Will Starmer's Brexit reset work?
Today's Big Question PM will have to tread a fine line to keep Leavers on side as leaks suggest EU's 'tough red lines' in trade talks next year
By The Week UK Published
-
How domestic abusers are exploiting technology
The Explainer Apps intended for child safety are being used to secretly spy on partners
By Chas Newkey-Burden, The Week UK Published
-
Scientists finally know when humans and Neanderthals mixed DNA
Under the radar The two began interbreeding about 47,000 years ago, according to researchers
By Justin Klawans, The Week US Published