'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services

Security researchers from Red Hat have uncovered a new exploit in the common "Bash" command shell found in OS X and Linux which can be used to deploy malicious code with minimal effort. Due to the ubiquity of the Bash shell, the exploit can affect a wide variety of different web-connected devices and properties, including unsecured websites, smart home appliances, servers, and more.
Security researcher Robert Graham noted on his blog that the Bash exploit is "as big as Heartbleed," referring to the flaw discovered earlier this year in the popular OpenSSL software which secures connections between clients and servers:
Internet-of-things devices like video cameras are especially vulnerable because a lot of their software is built from web-enabled bash scripts. Thus, not only are they less likely to be patched, they are more likely to expose the vulnerability to the outside world.
Unlike Heartbleed, which only affected a specific version of OpenSSL, this bash bug has been around for a long, long time. That means there are lots of old devices on the network vulnerable to this bug. The number of systems needing to be patched, but which won't be, is much larger than Heartbleed.
Heartbleed was said to have affected 66% of the Internet, although Apple announced in April that the exploit did not affect its software or "key services." Apple also released updates for the AirPort Extreme and Time Capsule to better secure both web devices against Heartbleed.
A topic discussing the Bash exploit on StackExchange also notes that Apple did not include a fix for the bug in its latest round of security updates that came alongside the release of OS X Mavericks 10.9.5 last week. It is possible, however, that Apple will release a fix for OS X in the near future to address the exploit, similar to what it has done for other security issues in the past.
Source: 'Bash' Security Flaw in OS X Allows for Malicious Attacks on Devices and Services