A serious flaw leaves computers running Linux and Apple’s OS X operating systems vulnerable to attacks. It’s called Shellshock and an attacker who exploited this flaw could get down in your system and basically take it over.  Even worse, apparently this flaw has been around for years.

While Linux only holds about 1% of the home PC operating system market, lots of servers used by businesses that store important information run Linux. Mac’s OS X is also affected by this flaw. Mac computers have a reputation for being safer than Windows machines, but this has largely been due to the fact that since they account for less than 10% of PC users, attackers just haven’t bothered with them.

Researchers say they have already found proof of attempts to use that flaw. Shellshock could allow attackers to access passwords.  It runs a program that guesses passwords, and if your server has an easy one, the hacker can get into the server. You may remember that malware was left on the Healthcare.gov site because the server password was left on the default for that particular make of server. The malware could also be used to launch a denial of service attack. This bug poses more of a threat to servers than to home computer users. But remember, those servers are where your banking information, social security number and other important data is stored.

The developers of Red Hat, a Linux system used on servers, issued what they admitted was an incomplete patch for their systems and said they were working  on updates. Other Linux flavors that have issued patches are Fedora, CentOS and Ubuntu. So, if you’re running a Linux system, you’ll want to check for a patch.  Apple says most home users have default settings in place are safe and they are working on a patch for their advanced UNIX users.

If you’re running either the Linux or OS X operating system, make sure you have the latest patches and security updates in place. In the past many users of Linux operating systems and Apple computers have felt safe from attack because their systems were not target by hackers as frequently as Windows systems. But that is changing. Vulnerabilities like Shellshock and  Heartbleed SSL show that any system is vulnerable as long as someone is trying to attack it. Don’t forget to check the website for the company that makes your router. There may be a firmware update that you’ll want to install.

To test if your Linux or OS X system is vulnerable (Only these systems, this particular bug does not affect Windows), open the terminal and type in

$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

Do this exactly as it is written or cut and paste. If your system is affected you’ll see a message that reads ” vulnerable this is a test.”

No matter what operating system you use for your devices, whether it be Windows, OS X, Linux, Android or iOS, it is important to always have the latest security updates available installed. If you have a firewall, make sure you turn it on.

~ Cynthia