Newly discovered vulnerabilities in the widely used Bash shell for Linux operating systems could result in the inadvertent sharing of data from connected devices, according to one expert evaluating the situation.
Researchers are piecing together the total impact of the issue following its disclosure earlier today. Linux distribution vendors like Red Hat and Canonical have been providing patches to install on devices, and cloud providers like Amazon Web Services have also provided instructions for customers to remedy the problem.
But the most direct effect could put devices on the Internet of things — and generally gadgets requiring remote access — into a tough position. That’s because Bash can allow technically savvy people to reach out to devices and get back arbitrary data in response, security expert Troy Hunt told VentureBeat in an interview.
“Certainly Internet-connected stuff is going to be the immediate vulnerability,” Hunt told VentureBeat, adding that devices running versions of Bash that haven’t been updated in years could be at risk.
The move could have security researchers and also IT administrators scrambling for days or weeks following the disclosure, just as the Heartbleed security vulnerability did earlier this year. And because an unpatched version of Bash could lead machines to issue arbitrary commands, the potential risk of the vulnerability is much greater, Hunt said.
Researchers will be looking for evidence of exploits of the flaw, and companies could move to revoke security certificates and credentials in the wake of the revelation, said Hunt, a Sydney-based software architect at Pfizer and a Microsoft Most Valued Professional who specializes in security.
But even before that, the impact is certainly catching people off guard today.
Essentially, it’s a zero-day [threat] for many people,” Hunt said. “They’re not patched yet.”
VentureBeatVentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more