This bug is said to be much bigger than the earlier flaw called Heartbleed, which left all the secure SSL systems vulnerable. This time, a bug has been found that is able to compromise your system and then run commands or execute any malicious program on your computer or device.
This harmful bug has been dubbed ‘Shellshock’. As I said above, this is a superbug, so here is why it is called the SuperBug:
- Shellshock is a Bash bug and is able to exploit any operating system.
- This bug is able to send a command to the exploited system through code.
- The particular area that is able to exploit the system is generally blocked, but Bash opens all doors to the system.
- Apple Mac OS X users are able to run it from their terminal, and people on Linux operating systems can as well.
- Windows is not affected in the same way, but if a hacker exploits malicious code through the flaw, they could gain access to any device, in theory, including PCs.
- Working example: an Apache web server runs Bash commands to process tasks along with the data entered in online forms.
This flaw was previously revealed by hackers, and they are using it to exploit millions of users online, the UK privacy regulator has already warned.
In simple words, the flaw is in ‘Bash’, which is contained in a piece of software, and that software is used by operating systems and website servers.
At this time, security researchers have not found any critical update or any way to protect the millions of users online, and the UK and US governments have also issued national alerts in response to the bug, warning that it may compromise organisations responsible for “critical national infrastructure” such as power stations if it is not rapidly dealt with.
Statement issued by The Information Commissioner’s Office (ICO):
The Shellshock flaw “could be allowing criminals to access personal data held on computers or other devices”, which “should be ringing real alarm bells” for British businesses which are legally obliged to keep their customers’ details secure.
“The worst thing would be to think this issue sounds too complicated – businesses need to be aware of this flaw and need to be monitoring what they can do to address it. Ignoring the problem could leave them open to a serious data breach and ultimately, enforcement action.”
Who found this Flaw?
This critical flaw was found on 12 September by Stephane Chazelas, a 38-year-old French software developer living in Edinburgh. The flaw was uncovered “by chance”, he told The Independent today.
After finding the flaw, Chazelas reported it to Chet Ramey, a 49-year-old American programmer working at Case Western Reserve University in Ohio, who maintains the Bash source code.
One more important thing about the bug is that it has been around for the last 25 years, which raises a question: has it been used by hackers for years?
Reports online say that this bug has been fixed by Apple, but that Apple has not informed anyone about this.
If you are a website owner using Linux servers, always run a routine check for updates to your operating system.
If any crack or update related to this comes out, we will update this post soon, but for now you should secure yourself by keeping watch on your security updates :)