New warning on computer vulnerability from US

Security consultant Graham Cluley warns that the malware that affects Apple and Unix operating systems could be more damaging than the Heartbleed malware that recently caused havoc around the world. Image: Twitter

A warning from the US Department of Homeland Security's Computer Emergency Readiness Team (CERT) said the flaw affects Unix-based operating systems powered by Linux and Apple's Mac OS.

CERT said that if hackers exploit this they could take control of a PC: "Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system."

The agency said a patch was available for the flaw, described by security researchers as "Bash" or "Shellshock."

Some said the flaw was similar to the "Heartbleed" bug which affected millions of computers worldwide earlier this year.

"One serious concern is that malware authors could exploit the vulnerability to create a fast-spreading worm," said independent security consultant Graham Cluley.

"If such a worm materialised it would, without question, make the Bash bug a more serious threat than the Heartbleed OpenSSL bug that impacted many systems earlier this year," Cluley said on his blog.

"The difference is that Heartbleed allowed unauthorised parties to spy on computers, whereas the Shellshock Bash bug allows attackers to hijack computers, and use them for their own purposes," he added.

Johannes Ullrich at the SANS Internet Storm Centre said the patch for the flaw is incomplete and that people using affected systems should try to implement additional measures which could include beefed up firewalls or software changes.

Eugene Kaspersky, who heads the Kaspersky Lab security group, said in a tweet that the flaw is serious. "The Bash bug is BAD, expect a lot of exploits and hacked websites to be disclosed in the coming weeks," he wrote.

Source: AFP via I-Net Bridge