The BBC and other news outlets are letting people know about a vulnerability that's being rated as a 10 out of 10 on the severity scale.
The bug is in the Linux command shell, Bash.
Bash stands for Bourne-Again SHell and is a command prompt on many Unix and Linux computers. Unix/Linux are variants of an operating system on which many others are built, including MacOS.
To put the magnitude of this bug in perspective: the Heartbleed bug from April 2014 affected an estimated 500,000 machines worldwide, while this new vulnerability in Linux variants is expected to affect 500 million+ machines and servers.
The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.
Experts, including US-CERT, are suggesting that system admins should PATCH IMMEDIATELY.
US-CERT recommends users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Red Hat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
Patched versions of Bash have been released by all the most commonly affected Linux variants.
There are also warnings from other security experts, who claim that the patches are incomplete. Stay tuned for more patches if this proves to be correct.