Shellshock or "Bash Bug"

I think this is even more serious than the heartbleed bug. I wonder how many organizations are affected this round. jia lat liao...

Seems that Apple has released some patches OS X.

<a href=" arstechnica.com/apple/2014/09/apple-patc...-10-9-10-8-and-10-7/ "> arstechnica.com/apple/2014/09/apple-patc...-10-9-10-8-and-10-7/ </a>

Shellshock or "Bash Bug" is a major vulnerability which many security folks are scrambling to fix it now. The vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments. Because the Shellshock vulnerability is very widespread which is even more so than the OpenSSL Heartbleed bug and particularly easy to exploit, it is highly recommended that affected systems are properly updated to fix or mitigate the vulnerability as soon as possible.

Sharing some facts about this bug:

<strong>Shellshock</strong> is a nickname for a bug in the Bash (Bourne Again SHell) command-line interpreter, also known as a shell. The Bash shell is widely distributed as the default command-line interpreter on many operating systems including most flavors of Linux, many flavors of Unix, some flavors of BSD, and Apple's OSX (since 10.3).

The Bash shell can also be found on many other systems, from Windows to Android. However it is not installed and/or used by default on these systems.

Since the announcement of the initial Shellshock bug (CVE-2014-6271), related bugs in Bash were found by various researchers. See the full list (so far) below. The most significant of these is still the CVE-2014-6271 bug and references to Shellshock below refer to it, except where otherwise indicated.

This won't be the first, neither the last.. whahahhaa