Home / Software & Gaming / Security / New OS X and Linux bug could be worse than Heartbleed

New OS X and Linux bug could be worse than Heartbleed

A new exploit has been discovered for Unix-based systems that some experts are claiming could be more harmful than the SSL bug, Heartbleed, which was discovered earlier this year. This new exploit is called ‘the bash bug' and allows users to take control of Bourne Again Shell (Bash), the software used to control the Unix command prompt on some systems.

This bug means that all systems using Mac OS X or Linux are potentially susceptible, the thing that makes the bash bug so dangerous though is that it only requires the user to copy and paste a single line of code in order for it to work. Afterwards, hackers can run their own malicious code and could potentially take complete control of your system.

Bash Bug security KitGuru

Fire Eye Director of Threat Research, Darien Kindlund, briefly explained why the bash bug is so dangerous:

“This bug is horrible. It's worse than Heartbleed, in that it affects servers that help manage huge volumes of Internet traffic. Conservatively, the impact is anywhere from 20 to 50 per cent of global servers supporting web pages. Specifically, this issue affects web servers using GNU bash to process traffic from the Internet. In addition, this bug covers almost all CGI-based web servers, which are generally older systems on the Internet.”

Patches for many software distros are already being sent out but the Department of Homeland Security has issued an advisory warning just in-case some users fail to take proper precautions.

According to Professor Alan Woodward from the University of Surrey, 50 per cent of active websites run on a web server called Apache, which in turn runs on Unix, making these sites potentially vulnerable. This means around 500 million active sites could potentially face problems, which is a lot worse than the 500,000 sites susceptible to the Heartbleed SSL bug.

He continued to say that while vendors are rushing out patches, it assumes that system owners know about the vulnerability, rather than prompting them to update. Many system owners may not even know that a version of Linux is running in the background, meaning that many home WiFi routers could remain exploitative.

Right now it is unknown as to just how many systems are affected overall but scans are already taking place in order to gain key statistics.

Discuss on our Facebook page, HERE.

KitGuru Says: Two horrible bug discoveries only months apart from each other. Hopefully this doesn't become a huge problem and can be contained relatively quickly. 

Source: The Inquirer

Become a Patron!

Check Also

Riot offering up to $100,000 to find Vanguard anti-cheat bugs

When Riot launched Valorant, it also launched a deeply rooted anti-cheat system, Vanguard. This anti-cheat …

61 comments

  1. Windows, once again, Master Race.

  2. windows can suck it.

  3. Windows has more viruses than a $5 whore on the Skid Row.

  4. Dude, Windows gets more viruses than Linux and Macs… I have ever get viruses on my laptop and I am happy I switched from Windows to Mac. Never regretted the switch. It got to the point where I was tired of scanning my Window Pc’s every once a week (Would often get Trojans and Malwares). Now I only scan once a month and never caught a virus my 5 years. I love my Macs!

  5. Sounds like you have some experience w that emma

  6. Windoze is only good for games. Linux is FAR superior.

  7. Then that’s your fault. I scan my 2 windows laptops once a week and never have any kind of malware.

  8. At least it doesn’t run on 22-year-old Linux.

  9. What home routers use bash? Practically all embedded systems like that use Busybox or something similar because its small. Even most desktop systems don’t use bash for system processes because its extra features consume lots of resources. Sounds like this affects human user accounts the most.

  10. That you know about. I installed EMET to be extra careful but there is still no guarantee of total protection.

  11. Yes, until 500 Million sites running on it are suddenly vulnerable.

  12. More, yes, but the majority are mere annoyances, the few made for mac and linux are far more destructive. And the majority of them come from “poor” browsing habits or malicious emails. Macs still need anti-virus, and anybody telling you they don’t better be willing to put their financial info on the line on your behalf for advising so.

  13. Yeah, Windows XP gets viruses. I haven’t gotten jack in the way of trojans and viruses since going to Vista and then all the way to 8.1 Update 1.

  14. If you were frequently getting viruses and malware, you have no one to blame but yourself. You just have to know how to take care of your computer, and you’ll be fine. Don’t go to seedy parts of the internet, don’t download every random file you see, and scan/sandbox those that you’re unsure of. I very rarely run virus/malware scans, and the large majority of the time when I do, I come up clean.

    OSX may be idiot-proof, but all that really teaches people is that they’re free to be idiots and do whatever the hell they feel like online. Security is good, but I’d argue that learning to avoid viruses in the first place is a much better technique than relying on your secure operating system to deal with things.

  15. Stupid you are, breed you should not.

  16. Actually this one affects mainly MacOS

  17. Windows gets more viruses than Linux and Macs because Windows has 95% of the market share. When either Linux distros or Macs get 95% of the market share, you’ll see as much bad code if not more than Windows has. It’s supply and demand. More people are going to write malicious code for Windows because that code will reach far more computers than writing one for mac or *nix systems. NO piece of software, NONE, can protect the user against the biggest vulnerability of ANY system, regardless of what system it is: the end user.

    I run Windows. I like Windows. I have enjoyed Fedora and Ubuntu. Soon, I will enjoy OS X. Each has strengths and weaknesses. I don’t worry about malware or malware scanners on any of these because I use safe computer practices. Actually, it could be safer because I let far too many games run as admin on Windows, but still, i don’t worry about it.

    The fact of the matter is, however, that if I weren’t a power user, I’d still have nearly equal chance to give away my credit card number on any of those platforms. The only reason the risk would increase on Windows is because of its popularity. Again, if Mac or *nix had 95% of the market share, they’d have that problem instead of Windows.

    The fad increasing in popularity right now, however, doesn’t even depend on what system you run but rather on exploits such as those in Adobe reader or flash, for example. If something hijacks my chrome browser, I’m kind of screwed whether I’m doing it on mac or linux or windows.

    This is not an apologetic post for Windows or an attack on Mac or Linux. Just setting the ground rules and adding perspective.

  18. Thanks for pointing out what I was about to say!

  19. Everyone saying “Windows” right now is a moron. That is all.

  20. Linux gets a bug
    >hurrrr, windows is duh best!
    Just ignore the millions of viruses constantly effecting windows.
    Not even trying to bad talk windows right now, but it’s a terrible argument lol

  21. Thats not the point here. I go to google, hotmail, and other safe websites and still get viruses on windows. Its all about windows being sensitive to viruses easily than Macs.

  22. Did anyone actually read the article? Put that headline-derived fanboyism aside and read this little bit:

    “50 per cent of active websites run on a web server called Apache, which in turn runs on Unix, making these sites potentially vulnerable. This means around 500 million active sites could potentially face problems, which is a lot worse than the 500,000 sites susceptible to the Heartbleed SSL bug.”

    Criminey. If Apache gets taken down, we’re in for one hell of a ride.

  23. 5 little words ignite dozen of comments, so much outrage, numerous people rushing to defend Linux and/or condemn Windows as if anything they type matters at all to anybody, and just an all around whole lotta butthurt. Nice one man, I gotta give it to you hahaha.

  24. no, it runs on 29 year old DOS 😛

  25. Marty Brandenberger

    Some people are missing the point. This doesn’t burn out your desk lamp, it takes down power stations…
    Linux/Unix are the primary backbone of the Internet.

    Windows
    viruses, although rampant, wouldn’t need to be if people were
    smarter…most WIndows virus infestations are due to the infamous id10t
    error. Yeah, Windows MIGHT be inherently more vulnerable because of how
    the kernel and rest of the system work together. Linux isolates the
    kernel to a greater degree. But most of Windows’ perceived vulnerability lies in the interface between the keyboard and the chair.

    However, regardless how rare it is, only ONE Unix virus that works is needed to mess stuff up for all of us.

    Disclaimer:
    2 desktops, 1 laptop. All dual-boot Windows 7 and Linux. I also still
    have WIndows XP as a VM. I am not biased either way (though I have
    enjoyed using Linux and the learning that goes with it).

  26. Clearly, you’ve never used Unix, understand bash, or know how the command prompt works. This affects servers running Unix and Linux, systems that avoided using your “master race” for good reason: poor security.

    Have fun playing Call of Duty.

  27. Windows doesn’t use DOS anymore, Windows hasn’t used DOS since like Windows 3.1

  28. LOL. Windows is worse. This bug you have to copy paste into your linux system, something you shouldn’t be doing anyways. Windows all you gotta do is view a webpage with explorer.

  29. Apache is run locally, on a server to server basis. Apache being “taken down” wouldn’t affect squat.

  30. That’s a lie, actually. Windows relied on the MS-DOS subsystem until Windows XP, which is the first Windows to be reasonably stable.

  31. Lmfao no..absolutely not. That statement could not be more erroneous. Windows 8 is the OS that has got rid of the DOS kernel, the only Remanents of DOS are the command prompt now. People go to school for IT before you make such statements. Linux I still believe it is better. This loophole can be fixed and be more secure once again than Windows. 80 % of my industry (System Network Administration) use Linux for a reason. Its IP filtering tables and security abilities namely in Fedora. Which I was just working with intimately on my Virtual machine. Linux will one day overtake Windows. The support for Linux seems to be growing. Especially with Google pumping Linux powered Android everywhere. (Coming to a TV near you in 2015 btw). when you can run so much in the background and not negating RAM with all these fancy GUIS other OS’ think you need. Its just more stress on the processor trying to work with the RAM.

  32. Well to be fair, you did state a falsehood. If Linux had 90% of the desktop market share, it would still be more secure than Windows. Windows is a terrible operating system, security was added later as an afterthought. It didn’t even have filesystem permissions or multi-user security and support for at least the first half of its life. Windows also relied on the MS-DOS subsystem until XP, the first reasonably stable version.

  33. But But I thought apple didn’t get viruses

  34. I wish I could tell you how wrong you are. Problem is, it’s technical and I’m afraid your ability to process that kind of information is negligible at best.

  35. Unix is based on Terminal, which is about 45 years old. Windows is based on DOS, which was, in turn, based on Terminal. Windows still uses (more or less) the same file management system that Windows 95 used, its just been presented in a different way. And indexed. So, 19 year old system. It still also heavily relies on DOS as its backbone. I’ll stipulate that Unix as a whole still relies on Terminal as well. But, you can’t say “At least it doesn’t run on 22-year-old Linux” when Windows still has parts of it that are very old.

  36. Either way, Unix bugs would affect more than just Mac and Linux users. That’s my point.

  37. Wifi Routers usually do NOT use bash. They use busybox.

  38. Windows hasn’t actually had a DOS Sub System since Vista took the scene. Yes the command prompt still exists, even in 8.1, but When Vista was released, they removed 99% of all the remaining DOS code.

  39. I think in this case, it would be more of a “If someone finds a major hole in Apache”.

  40. Mac OX, and linux can get this bug.. difference.. Open source, millions of users. open solution. be cured in hours not days, not weeks. At worst… hours.

  41. Well perhaps you shouldldn’t have kept trying with those “You’ve won a free ipad” or “Congrats! you’re our 1 millionth customer! have a free trojan” ads. If you were having to scan once a WEEK that’s your own fault for not using any common sense with what you click and download. I think i’ve had 2 or 3 viruses in all the time I’ve been using PCs (like 15 years?) and they were all my own fault. I scan perhaps once every four months, never have any issues.

    And like others have said, windows has more viruses for it because more people use it. You go for the base the virus is more likely to hit. Don’t be naive. The only reason there arn’t more viruses for Macs is because people make less viruses for them, not because they’re this impregnable fortress of security that some people think it is because they don’t understand how things work.

  42. You can argue and make assumptions till you’re blue in the face. But you can’t change the fact that Windows are rubbish with viruses. They leave their computers open to anything so they can have their “victims” running back for another computer. Or their victims pay through their noses and claim “warranty” will cover the damages.

  43. Vizio TVs are already using ubuntu 😀

  44. You must be out of your f’ing mind! Windows is utter shite compared to OS X.

  45. I don’t know how to say this nicely but… die 😉

  46. “Apache, which in turn runs on Unix”?!?! Uh, I know lots of Apache servers that aren’t running on Unix/Linux.

  47. A patch has already been released you stupid suckf**k.

  48. I’ve been using windows for over 10 years, and haven’t had any form of virus or malware protection in the last few years…simply put if ur not downloading crap you *think* you need…your fine. PC runs flawlessly. Especially if your running a WinPE with persistence.

  49. A patch has already been released by Ubuntu.

  50. That. Is some serious tin foil work; you’re absolutely full of it. You are are aware that most viruses do not in fact BREAK your PC beyond repair to the point where you need to buy Windows or a new PC, right? If it’s seriously that bad that you feel the need(I say feel the need because 99% viruses /can/ be removed) to reinstall windows….then you do that by your own clearly uninformed choice.

    You don’t need to pay Microsoft because “they’re in league with the virus makers! Woooooh! *spooky hands/lightning crackle etc*. I’ve fixed some seriously infected PCs in my time, and I’m pretty sure none of the money exchanged went to Microsoft, even that one time I did reinstall Windows, because you just made that shit up.

    Well unless you’re a moron who doesn’t know how to work a computer and downloads viruses every week and thinks the only solution is to buy a new PC or Windows disc. In that case I’d like to sell you the Brooklyn Bridge…. AND this copy of windows.

  51. they don’t 🙂
    there is a new virus every year somewhere out there in the making that supposedly will take down every mac out there. it never happened. and i doubt it ever will.

    unfortunately people like yourself are too stupid to understand how OS X, and Unix in general, works. you can’t just load a web page and catch a virus. that’s how windows works.

  52. how about androids with bash shells?

  53. specially dd-wrt

  54. penguin_master_5321895720

    While home routers often run some embedded Linux system, they are *extremely* unlikely to use Bash. It is just too large and bloated a shell to make sense in limited resources systems like that. You will rather find there a lighter shell like Busybox-sh, or maybe Ash. NAS boxes are more likely to be affected, but even there stripped-down shells are the norm, Bash being an exception.

  55. Well there’s your problem hotmail.

  56. It helps to have a running list of everything you have installed so that u dont download a virus thinking u need a special kind of software for viewing something. so many virus sites will try to get u to “install” a “update” for adobe flash player or something like that and it turns out to be a virus.

  57. you shouldnt get malware and trojans PER WEEK. Thats because you dont know how to use the goddamn PC and how to safely browse the internet. I calculate these things by THE YEAR and the last time I actually got a trojan was 5 years ago on my XP (thats without mentionning the fact that I spend half my time downloading files form the piratebay) . From the moment you know how to use a browser, a firewall, and an anti virus, you shouldnt have any problems on a windows device.

  58. Thanks man, it was a pleasure 🙂

  59. It’s been proven statisticly that people are more likely develop a virus for the MOST WIDELY USED operating system. If I were to develop a virus for the Mac OS, it would be like throwing a grenade into an empty building.

  60. Ok first off the first person to reply to your post was right. Microsoft holds the majority of the market, and developing virus’ or malware for the Mac OS is like throwing a grenade into an empty building. Second. You must be utterly stupid if you get so many viruses that you are having to do weekly scans. I have been using Windows since 2000 and I have been using the most basic, free antivirus on the market, MSE. And I have not once, come across a virus or malware, because I follow these simple steps. 1. Don’t browse suspicious websites. Generally your browser will detect these and attempt to stop you from visiting it. If you press on, your an idiot. 2. If you see a link on a website that says you have a million viruses and you need to download their software to fix it, then don’t touch it, because it’s scareware and it will do the opposite of it’s supposed purpose. (Pro-Tip: Mac’s are subsceptible to these too).

    People who obtain virus’ on any operating system do so by doing stupid things. Like opening spam e-mails, going to fishy websites (your browser shiuld warn you of them) and by intentionally downloading scareware. It can happen on any operating system, on any computer, to ANYONE. And if you get a virus, 100% of the time, you do not replace your computer, even if your operating system crashes for whatever reason, it is a software issue, not hardware, so you remove the virus, or reinstall your OS. It takes a Disc and a third grade education to understand.

    Oh and enjoy your Mactintosh. By the way, did you know that Apple has been known to subject it’s overseas employee’s at places like manufacturing plants, to some of the most inhumane working environments possible? Did you also know that Apple uses FoxConn and Intel hardware? Litterally the same hardware used in PC’s and in fact, up until I believe 2006, Apple was using their own hardware which was terrible by the way. And Apple’s OS isn’t even their own. It’s just a GUI slapped onto a Unix Kernal. And we all know what Unix is.

  61. Well you are doing one of two things then. You are either, 1. Lying about obtaining so many virus’ in an attempt to win this argument, or 2. You do not have an anti virus and there is no way to prevent them from reaching your computer, and even then, it would be hard to obtain anything without intentionally opening fishy e-mails.