US government joins in warnings of security flaw that could be used by hackers

Shell Shock vulnerability could threaten data across range of devices

A new security flaw could allow hackers to access data
A new security flaw could allow hackers to access data

The US government has joined an array of researchers warning of a security flaw that could allow hackers to access devices ranging from computers to video cameras and steal data.

A vulnerability in some Unix-based systems, such as Linux and Apple’s Mac OS X, “may allow a remote attacker to execute arbitrary code on an affected system,” the US Department of Homeland Security’s Computer Emergency Readiness Team said in a statement on its website.

Systems administrators can fix the flaw with a patch, it said.

The vulnerability affects Bourne again shell, or Bash, one of the most widely installed pieces of software on any Linux system, software maker Red Hat said in a statement on its security blog. The vulnerability, dubbed Shell Shock, could let hackers insert extra code into a computer leading to data theft or the crashing of networks.

READ MORE

“Shell Shock is incredibly easy to exploit,” Jeremiah Grossman, chief executive of internet security company WhiteHat Security said.

“Compromise of one affected system can automatically spread to another vulnerable system. If this is the case, Shell Shock could easily turn out to be a much bigger problem than Heartbleed.”

A spokeswoman for Apple, didn't immediately respond to queries.

Heartbleed, a security flaw disclosed in April, affected as many as two-thirds of all Internet servers and could allow hackers to intercept traffic including e-mails, user names and passwords.

- Bloomberg