What is Shellshock? 'Bash Bug' could be internet's worst yet

'The Bash Bug', also known as 'Shellshock', could prove to be an even bigger security threat than the 'Heartbleed' bug that put millions of web users at risk of hacking earlier this year.

What is Bash?

Bash is a Unix command shell - the thing that you use to tell your computer what to do, such as opening an application by typing a text command.

It's used to communicate with web servers that are powered by Unix-based systems, including Linux. These servers are widely used across the internet and, in turn, power numerous websites.

Bash Bug, or Shellshock, has been described as more dangerous than the infamous Heartbleed security flaw (IB Times)

Bash has been around since 1989 and has been potentially vulnerable to hackers for the past 25 years, but this has only just been discovered.

What is Shellshock and why is it bad news?

The Shellshock bug affects the Bash software. This could be a huge problem: so much of the internet runs on servers powered by this software that an extremely high number of websites could be at risk from malicious types.

The Shellshock bug is a potential threat to millions of web users (REUTERS/Kacper Pempel)

It also means that Apple's Unix-based OS X system, which it uses on its iMacs and MacBooks, is potentially at risk. What's more, any internet-connected home gadgets such as TVs and app-controlled thermostats could also be open to hackers.

Why is it worse than the Heartbleed bug?

Discovered earlier this year, the Heartbleed bug affected any system running OpenSSL - a common encryption system for sensitive information on the web - leaving millions of passwords vulnerable to hackers and resulting in major cyber thefts.

Servers running the Apache web server software are among the systems most vulnerable to Shellshock (IB Times)

Shellshock is different, and potentially much worse, in that it actually lets unscrupulous web users take control of your machine remotely, enabling them to change settings, or install software.

Are you at risk?

While some home servers, Macs and PCs running Linux are technically vulnerable to the bug, hackers are more likely to go after web servers.

This could be a big problem as so many websites will be at risk, especially those that use online forms to gather your sensitive data such as bank details and address information.  

What can you do about it?

There's not a great deal you can do other than wait for manufacturers and major software makers to release patches and updates to plug any security gaps. Running up-to-date security software on your devices is always a good safety net.

The Symantec Security Response team commented:

"Consumers are advised to apply patches to routers and any other web-enabled devices as and when they become available from vendors. Users of Apple’s Mac OS X should be aware that the operating system currently ships with a vulnerable version of Bash. Mac users should apply any patches for OS X when they become available."