The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system. The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said...More at the link. I would welcome comments from some of the informed readers of this blog.
"Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system," Prof Alan Woodward, a security researcher from the University of Surrey, told the BBC.
"The door's wide open."
Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines...
"Using this vulnerability, attackers can potentially take over the operating system, access confidential information, make changes, et cetera," said Tod Beardsley, a Rapid7 engineer...
For general home users worried about security, Prof Woodward suggested simply keeping an eye on manufacturer websites for updates - particularly for hardware such as broadband routers.
29 September 2014
"Shellshock" - a scary new computer bug
From the BBC: