September 26 at 5:25 AM
A programming flaw dubbed the “Bash Bug,” or more ominously “Shellshock,” is being described as potential threat to millions of computers, servers, medical devices, power plants and municipal water systems and even common objects such as refrigerators and cameras.
It is being compared to Heartbleed, a flaw in security software used by most of the Internet which allowed hackers to steal data such as passwords. Shellshock is similarly widespread and can be used to wreak more havoc. It allows hackers to take control of a vulnerable machine, steal data, shut down networks and cause other problems.
...
Bash is used in most Linux or Unix-based operating systems, including Apple’s Mac OS X
...
The National Institute of Standards and Technology rated Shellshock a 10 on a 10-point severity scale. Heartbleed was rated five. Both flaws were rated low in terms of complexity, which means they can be easily exploited.
...
Shellshock has existed for 22 years, the Times noted. It doesn’t just expose your password — hackers can exploit the flaw to hijack your computer.