Bash Bug can affect computers running Mac OS X: Symantec

Security software maker Symantec today said Bash Bug can potentially affect computers running Mac OS X and may lead to the attacker gaining control over the targeted computer.
"A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix)," Symantec said.
The Bash Bug also called Shellshock is a GNU Bash Remote Code Execution Vulnerability that can allow an attacker gain control over a targeted computer if exploited successfully, it added.
This vulnerability affects Bash, a common component known as a shell that appears in many versions of Linux and Unix, the firm said.

Bash allows the user to type commands into a simple text-based window that the operating system runs and can also be used to run commands passed to it by applications.
"Symantec regards this vulnerability as critical, since Bash is widely used in Linux and Unix operating systems running on Internet-connected computers, such as Web servers," the company said.

Although, specific conditions should be in place for the bug to be exploited, a successful exploitation can enable remote code execution, it added.
This would not only allow an attacker to steal data from a compromised computer, but will enable the attacker to gain control over the computer and potentially provide them with access to other computers on the affected network, it said.

On the attacks, Symantec said there are limited reports of the vulnerability being used by attackers in the wild.
"Once the vulnerability has been made public, it was only a matter of time before attackers attempted to find and exploit unpatched computers," it, however, added.
On Mac's vulnerability to the Bash Bug, Symantec said computers running Mac OS X are also potentially vulnerable until Apple releases a patch for the vulnerability.
"Again, attackers would need to find a way to pass malformed commands to Bash on the targeted Mac. The most likely avenue of attack against OS X would probably be through Secure Shell (SSH), a secure communications protocol," it added.

However, it appears that the attacker would need to have valid SSH credentials to perform the attack. In other words, they would already have to be logged in to an SSH session, the firm added.