The bug, named Shellshock, is similar to the Heartbleed bug that generated widespread fear last spring because it would allow anyone with knowledge of the vulnerability to exploit a large number of computer servers. The flaw was discovered in Bash, short for Bourne-Again Shell, a command prompt in Unix. The operating system is commonly used in corporate computer networks and is the basis of other systems, including Linux and Apple’s Macintosh operating system. It is not yet clear how the bug affects Macs.

NEW YORK — A newly discovered bug in the widely used Linux and Unix operating systems could allow hackers to take control of hundreds of millions of machines around the world, according to security experts.


The bug, which was reported late Tuesday, would allow hackers to write code that could surreptitiously take over a machine or run their own programs in the background. The National Institute of Standards and Technology has rated the vulnerability 10 out of 10 for severity, impact, and exploitability, but low for complexity, meaning it could be easily used by hackers.

While the Heartbleed bug affected some 500,000 machines, in early estimates, security experts predicted that the Shellshock bug could ultimately be far more significant.

Researchers at Kaspersky, a security firm, noted that hackers could only use Heartbleed to steal data from a server’s memory in hopes of finding something interesting. But the Shellshock vulnerability makes it possible for someone to take over a machine. The researchers said that as soon as the bug was reported Tuesday they detected widespread Internet scanning by “white hat” hackers as well as people believed to be cybercriminals.

Security experts urged home users to stay abreast of updates from technology manufacturers, particularly for hardware such as routers.
