The Shellshock Bug has hit Apple, but it’s not that easy for attackers to take advantage of it, according to Intego, which specializes in security software for the operating system.
Named for a flaw in the Bourne Again Shell, or Bash, “Shellshock” which is a command-line shell processor widely present in Unix and Linux systems. The flaw in Bash could allow an attacker to take complete control of your computer.
Bash would be exposed if a user turned on the remote login capability for all users, including guests. But that wouldn’t be such a smart thing to do as it would open up the computer to other possible attacks.
Another scenario in which adjusted settings could make a difference is on a Lion OS X server running Apache or PHP scripting environments. If Apache is configured to run scripts, an attacker could insert variables into a script that a Bash shell would run.
Security personal around the world are trying to figure out just how many Internet-connected devices are vulnerable to Bash and to what extent they’ve been affected. Attackers have been scanning the Internet to locate vulnerable systems. Experts are predicting that more attacks customized for vulnerable systems will soon emerge.
(Image Source: iCLIPART)