A newly discovered security bug in a widely used piece of Linux software, known as "Bash," could pose a bigger threat to computer users than the "Heartbleed" bug that surfaced in April, cyber experts warned on Wednesday. Bash is the software used to control the command prompt on many Linux computers. Hackers can exploit a bug in Bash to take complete control of a targeted system, security experts said. The Department of Homeland Security's United States Computer Emergency Readiness Team, or US-CERT, issued an alert saying the vulnerability affected Unix-based operating systems including Linux and Apple Inc's Mac OS X. The "Heartbleed" bug allowed hackers to spy on computers, but not take control of them, according to Dan Guido, chief executive of a cybersecurity firm Trail of Bits. "The method of exploiting this issue is also far simpler. You can just cut and paste a line of code and get good results." Tod Beardsley, an engineering manager at cybersecurity firm Rapid7, warned that the bug was rated a "10" for severity, meaning it has maximum impact, and rated "low" for complexity of exploitation, meaning it is relatively easy for hackers to launch attacks.
- NSA Denies It Used 'Heartbleed' Bug to Gather Intelligence
- 'Heartbleed' Bug Coder: 'It was a simple programming error'
- "Heartbleed' Bug: What Can You Do to Protect Your Data?