‘Bash’ security bug could be bigger than ‘Heartbleed’

September 25, 2014, 12:53 PM UTC
contract armin harris
Kyle Bean for Fortune

Cyber experts are warning that a security bug in a widely used piece of Linux software, known as “Bash,” could potentially pose a bigger threat to computer users than the “Heartbleed” bug that surfaced earlier this year.

The Department of Homeland Security’s Computer Emergency Readiness Team, known as US-CERT, issued a statement that it was “aware of a Bash vulnerability” affecting Unix-based operating systems such as Linux and Mac OS X. Security experts have told Reuters, CNET and other media outlets that the potential vulnerability is large, with some saying there is a wide range of devices affected that require system administrators to apply patches immediately.

That’s because Bash is “perhaps one of the most installed utilities on any Linux system,” according to a security blog post by open-source software provider Red Hat (RHT). Created in 1980, Bash has evolved from a terminal-based command interpreter to many other uses, Red Hat said, and it is common for a lot of programs to run Bash in the background.

Bash is the software used to control the command prompt on many Unix computers, according to a Reuters report. Citing security experts, Reuters reported hackers can exploit a bug in Bash to take complete control of a targeted system.

The worries surrounding Bash come after companies were forced to scramble to patch their systems after a vulnerability known as Heartbleed created a stir. The Heartbleed vulnerability was a weakness in the widely-used OpenSSL encryption that protects the electronic traffic on a large number of websites and in scores of devices, according to a Homeland Security statement in April. That vulnerability was unusual in that it was widespread, easy to use and the bug had reportedly been out for more than two years.