Software bug gives hackers control

Monday, Oct 06, 2014 08:22


HA NOI (Biz Hub) — A new fatal security threat, larger than the OpenSSL security loophole Heartbleed, has been discovered, according to the Viet Nam Information Security Association (VNISA).

 

The association said that the flaw lies in the way many devices communicate over the Internet. At its most basic, the loophole lets someone hack every Internet-enabled device via something as simple as a light bulb.

This new bug has been found in a widely used piece of Linux software called Bash, which is present in most Linux and UNIX distributions and Apple's Mac OS X.

The bug was discovered by Stephane Chazelas, a French IT manager working for a software maker in Scotland.

According to VNISA, the bug allows an attacker to remotely attach a malicious executable file to a variable, which is then executed when the Bash software is run.

VNISA said that while the Heartbleed bug allowed hackers to spy on computers but not take control of them, the new bug gives them control.

Meanwhile, according to security news portal ThreatPost, every version of the Bash software is vulnerable to the attack. But a hacker needs "specific conditions in place" to attack, which are not common.

Open source software company Red Hat said the bug affects not only the Linux operating system, which is used in everything from calculators to cars, but also Apple Macs, some Android devices and Windows.

In a public warning, Red Hat researchers classified the severity of the bug as "catastrophic."

Several Internet-connected devices use the Bash shell to run commands, such as "turn on" and "turn off." Generally, a device that communicates using a Bash shell also looks out for extra information, such as a browser or a device. — VNS

