Apple's OS X operating system has a security flaw which could be more serious than the notorious Heartbleed bug, experts have warned.
Hackers could exploit a flaw in software on Unix-based operating systems such as OS X and Linux, according to the US Department of Homeland Security.
The vulnerable software is called Bash, which is used to control the command prompt on many Unix computers.
By exploiting the bug - known as Shellshock - hackers can take control of a targeted system.
Some software analysts have compared it to the Heartbleed bug, discovered in April, which was contained in encryption software called OpenSSL.
Heartbleed allowed hackers to spy on computers - but not take control of them.
The Shellshock bug is seen as worse because of the capability for overriding a user's control of a machine.
Cyber security firm Rapid7 has rated the bug as 10 for severity - maximum impact - and low for the complexity of exploitation.
The firm's engineering manager, Tod Beardsley, said: "Using this vulnerability, attackers can potentially take over the operating system, access confidential information and make changes.
"Anybody with systems using Bash needs to deploy a patch immediately."
Security expert Robert Graham wrote on Twitter: "I think I was wrong saying #shellshock was as big as Heartbleed. It's bigger."
It has been a bad week for Apple; on Wednesday it was forced to withdraw an update for the iOS 8 operating system, after it appeared to cause more problems than it solved.
Meanwhile a number of iPhone 6 Plus users have complained that it can become bent if left in a tight pocket.
No comments:
Post a Comment