Millions of Apple Mac users ‘at risk’ from devastating ‘Bash’ security flaw

Apple’s OS X operating system has a security flaw which could be more serious than the notorious Heartbleed bug, experts have warned. Hackers could exploit a flaw in software on Unix-based operating systems such as OS X and Linux, according to the US Department of Homeland Security. The vulnerable software is called Bash, which is used to control the command prompt on many Unix computers. By exploiting the bug - known as Shellshock - hackers can take control of a targeted system.

Using this vulnerability, attackers can potentially take over the operating system, access confidential information and make changes. Anybody with systems using Bash needs to deploy a patch immediately.

Tod Beardsley, engineering manager at cyber security firm Rapid7

Some analysts have compared it to the Heartbleed bug, which was discovered in April in encryption software called OpenSSL. Heartbleed let hackers spy on computers - but not take control of them. The Shellshock bug is seen as worse because it can be used to override a user’s control of a machine. Cyber security firm Rapid7 has rated the bug as 10 for severity - maximum impact - and low for the complexity of exploitation.

It’s been a bad week for Apple; on Wednesday it withdrew an update for the iOS 8 operating system after it appeared to cause more problems than it solved. Meanwhile a number of iPhone 6 Plus users have complained it can become bent if left in a tight pocket.

I think I was wrong saying #shellshock was as big as Heartbleed. It’s bigger.

Security expert Robert Graham, via Twitter