http://www.bbc.com/news/technology-29361794
The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.
The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.
Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.
The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.
https://www.us-cert.gov/ncas/current...-Vulnerability
Is already being widely used for botnets, is an easy vulnerability to exploit.
http://www.bbc.com/news/technology-29375636
So far, thousands of servers have been compromised via Shellshock and some have been used to bombard web firms with data, said experts.
One group used their Shellshock botnet to bombard machines run by Akamai with huge amounts of junk data to try to knock them offline. Another group used its botnet to scan for more machines that are vulnerable.
Jaime Blasco, a researcher at security firm AlienVault, said its honeypot had seen scans and attacks that used Shellshock. The scans simply informed attackers that a server was vulnerable, he wrote, but others attempted to install malware to put that machine under an attacker's control.
http://www.alienvault.com/open-threa...21-in-the-wild
http://www.theregister.co.uk/2014/09...rm_type_fears/
https://www.cert.gov.uk/resources/al...ka-shellshock/
https://community.rapid7.com/communi...-cve-2014-6271