A bug in the Bash software used to control the command prompt in many Unix computers could be a bigger threat than the Heartbleed OpenSSL bug, security experts have warned.

They have urged any organisation running Unix-based computers to install the security update immediately.

Hackers could exploit the flaw in Bash (Bourne Again Shell) to take complete control of a targeted system, prompting the UK Computer Emergency Response Team (CERT-UK) to issue an alert.

According to the alert, the Bash bug affects Unix-based operating systems, including Linux. However, CERT-UK said it is not yet clear whether other Unix-based systems, such as Apple’s Mac OS X, Google’s Android and other embedded systems in internet of things (IoT) devices, are affected.

To test if a system is vulnerable, CERT-UK said users can enter the command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
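For hosts with more than one Bash binary, the CERT-UK check above can be wrapped in a small script that tests each binary and classifies the result. This is an added example, not part of the CERT-UK alert or the original article; the function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example: runs the CERT-UK test command against each bash binary given.

# classify_output TEXT -> prints "vulnerable", "patched" or "unknown".
# A vulnerable bash runs the trailing "echo vulnerable" while importing the
# function from the environment, so that word is the first line of stdout.
classify_output() {
    first_line=$(printf '%s\n' "$1" | head -n 1)
    if [ "$first_line" = "vulnerable" ]; then
        echo vulnerable
    else
        case "$1" in
            *"this is a test"*) echo patched ;;
            *) echo unknown ;;   # binary did not behave like bash at all
        esac
    fi
}

# check_bash PATH -> prints "missing" or the classification for that binary.
# Warnings from a patched bash go to stderr and are discarded here.
check_bash() {
    if [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null)
    classify_output "$out"
}

# scan_paths PATH... -> one line per path; returns 1 if any is vulnerable.
scan_paths() {
    rc=0
    for candidate in "$@"; do
        result=$(check_bash "$candidate")
        printf '%s: %s\n' "$candidate" "$result"
        if [ "$result" = "vulnerable" ]; then rc=1; fi
    done
    return "$rc"
}

# Candidate locations are assumptions; adjust to where bash lives on your hosts.
if ! scan_paths /bin/bash /usr/bin/bash /usr/local/bin/bash; then
    echo "at least one bash binary needs the security update" >&2
fi
```

The non-zero return from scan_paths lets a configuration-management or monitoring job flag hosts that still need the update.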

Bash bug presents threat to enterprise data

Security experts say the bug is easier to exploit and is a greater threat than the Heartbleed bug, which only allowed attackers to spy on computers, not to take complete control.

This means anyone exploiting the bug could access and potentially manipulate sensitive information on targeted Unix-based machines. This is of particular concern for enterprises, because a large proportion of enterprise servers are Unix-based.

The US-CERT said a GNU Bash patch is available for experienced users and administrators. Other users are advised to get the necessary security update from software makers such as Red Hat.

Updates are also available for CentOS, Debian and Ubuntu, but Apple has yet to make an announcement about an update for OS X. However, a Stack Exchange post describes how Mac users can check for the vulnerability and patch it if necessary.

Security experts have urged companies to seek and patch all vulnerable computers, but have warned that this could take some time for large organisations.