Linux's most serious vulnerabilities are more dangerous than "heartbleed"

According to foreign media reports, network security experts warned on Wednesday that a frequently used segment & ldquo; Bash & rdquo; in open-source software Linux has recently discovered a security vulnerability, its threat to computer users may be more than the & ldquo; Heartbleed & rdquo; (Heartbleed) vulnerability exposed in April this year. Bash is a software used to control Linux computer command prompts. According to network security experts, hackers can use Bas

According to foreign media reports, network security experts warned on Wednesday that a frequently-used section "Bash" in open-source software Linux has recently discovered a security vulnerability, its threat to computer users may exceed the "Heartbleed" vulnerability in April this year.

Bash is a software used to control Linux computer command prompts. Network security experts said that hackers can use a security vulnerability in Bash to fully control the target computer system.

Dan Guido, Chief Executive Officer of Trail of Bits, a cyber security company, said: "compared with Heartbleed, the latter only allows hackers to snoop on computers, but does not allow hackers to gain control of computers."

He said: "The Bash vulnerability method is much simpler. You can cut and paste a line of software code to achieve good results ."

Gido also said that he is considering disconnecting non-essential servers of his company from the network to protect them from being attacked by the Bash vulnerability until he can fix the vulnerability.

Todd Beardsley, Engineering Manager of Network Security Company Rapid7, warned that the severity of the Bash vulnerability was rated as 10, which means it has the greatest influence, however, the exploitation difficulty is rated as "low", which means that hackers can easily use it to launch network attacks.

"Using this vulnerability, attackers may take over the entire operating system of a computer, access confidential information, and modify the system. Any computer system that uses Bash must be immediately patched ."

"Heartbleed" is a security vulnerability in OpenSSL, an open-source encryption software. It was discovered in April this year. Because 2/3 of the world's websites use OpenSSL, the "Heartbleed" vulnerability puts tens of millions of people at risk. This also forces dozens of tech companies to release security patches to block security vulnerabilities in hundreds of products that use OpenSSL.