Red alert for new bug that is 'worse than Heartbleed'

Shellshock bug has potential to affect 500 million computers worldwide, according to experts

A newly discovered software bug that some are claiming is worse than Heartbleed could potentially affect hundreds of millions of computers.

The flaw has been found in a software component known as Bash, which is part of many Linux systems as well as Apple's Mac operating system. The bug, dubbed Shellshock, can be used to remotely control almost any system that uses the Bash component.

The US government-backed National Vulnerability Database rated Shellshock 10/10 for severity, and experts predict it has the potential to affect 500 million computers.

Ben Densham, chief technology officer at cyber security consultancy Nettitude, said: "This is a very serious vulnerability, not least because it could affect such a large number of systems and devices. It is already being compared to Heartbleed in terms of scale."

Earlier this year, Heartbleed, a vulnerability in OpenSSL – technology used to protect sensitive data – affected 500,000 machines worldwide.

But it may not be just consumers who are affected, according to Richard Cassidy, senior solutions architect at Alert Logic.

"Given the extent of the operating system versions it affects, organisations are going to have a great deal of work to do, to get patched, and should commence sooner rather than later," Cassidy said.

Kevin Epstein, vice president of information, security and governance at security vendor Proofpoint, said initial indications are that Shellshock has existed in the code for longer than Heartbleed did, and sits in a more general-use area of the code.

"Correspondingly, this vulnerability will likely be more widespread and in code that's no longer being maintained, such as legacy routers and NAS devices," he said. "Clearly this has wider security implications than Heartbleed, and suggests the need for additional incremental layers of security as well as patches."

Lawrence Jones, chief executive of internet hosting firm UKFast, said: "My advice would be to apply the relevant patches and updates being offered by Linux providers and keep checking back for further information as further patches may be released. I would also always recommend protecting your systems with a secure firewall."