The Unix Bash shell vulnerability that appeared recently is now actively being used by hackers to attack systems. Security firms have been issuing warnings and reports of attacks happening only just four hours after the revelation was made. Bash itself does not yet have an official patch, leaving an unknown number of systems vulnerable.
Securosis analyst and CEO Rich Mogull notes, that “Bash is embedded and accessed in so many ways that we cannot fully understand its depth of use. Many systems you would never think of as having a command line use bash to run other programs. I have used it myself, a bunch, in programs I have written—and I barely code. We cannot possibly understand all the ways an attacker could interact with Bash to exploit this vulnerability.”
Symantec has provided an explanation of Shellshock on its blog, and has warned that website owners should be aware of this bug and how it could be used to access their data or provide attackers with a foothold on their network. Essentially, every new patch should be installed immediately as all Linux vendors scramble to fix the problem. Mac OS X users are also warned that the operating system ships with a vulnerable version of Bash, meaning that they too should be prepared to install all security patches from Apple in the shortest time possible.
[Source: Ars Technica]
