We’re Being “Shellshocked” by a Bash Bug


The Bash bug could very well outrun Heartbleed, which affected around 500,000 machines.



Remember the Heartbleed bug back in April 2014? As a refresher, it was a security threat in the OpenSSL cryptography software. Now, another bug has risen up from the ashes just in time to freak us all out again. “Shellshock” is a newly discovered bug in Linux and Unix operating systems, and it's kind of scary how easy it is to attack. Security researcher Stephane Chazelas found the bug in the Unix Bash software (a command-line shell), “leaving Linux machines, routers, older IoT devices, and more vulnerable to attack” (PCWorld). Don't think you aren't susceptible to this threat if you run Windows. Most people use more Linux systems than they even realize. In fact, most of what you see on the Internet today is running on Linux distributions equipped with the Bash shell. This includes web-connected devices, web-powered services, and of course servers.

Experts are saying this vulnerability has been present in the Bash shell software for many years, and the meanies are just now deciding to exploit the flaw. So how is “Shellshock” a threat to us? It essentially allows hackers to control our machines. Attackers are able to write to files they have no authority over, allowing them to run deep-level commands, modify authentication information, and gain access to information within our computers. According to the National Institute of Standards and Technology, the vulnerability is a 10 out of 10.
Because bugs like this are hard to measure, security experts are not sure how widespread it is and who is vulnerable. According to ArsTechnica, versions 1.14 through 4.3 of GNU Bash are affected. Patches have been issued for the following Linux distributions:
Red Hat Enterprise Linux
CentOS (versions 5-7)
Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
Debian


To test whether your Linux or Unix system is vulnerable, type the following at a command line:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
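
As an added example (not part of the original article), the script below wraps the test command above so it can be run against every Bash binary on a system: output containing the word vulnerable means the trailing command was executed, while a fixed Bash prints only this is a test. The function names, result labels and the --scan flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify shells with the article's test command.
# Result labels, function names and the --scan flag are this example's choices.

# check_bash PATH: prints vulnerable, not-vulnerable or error
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "error"
        return 2
    fi
    # x holds a function definition followed by a trailing command.
    # A vulnerable Bash runs the trailing command while importing its
    # environment; a fixed Bash only runs the command given to -c.
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" -c "echo this is a test" 2>/dev/null) || true
    case $out in
        *vulnerable*)       echo "vulnerable";     return 1 ;;
        *"this is a test"*) echo "not-vulnerable"; return 0 ;;
        *)                  echo "error";          return 2 ;;
    esac
}

# list_bash_candidates: every bash in /etc/shells plus the one on PATH
list_bash_candidates() {
    {
        if [ -r /etc/shells ]; then grep -E '/bash$' /etc/shells || true; fi
        command -v bash || true
    } 2>/dev/null | sort -u
}

# scan_all: one report line per binary; returns 1 if any is vulnerable
scan_all() {
    found=0
    for candidate in $(list_bash_candidates); do
        result=$(check_bash "$candidate") || true
        printf '%s\t%s\n' "$candidate" "$result"
        if [ "$result" = "vulnerable" ]; then found=1; fi
    done
    return "$found"
}

if [ "${1:-}" = "--scan" ]; then
    scan_all
fi
```

Run it with --scan to get one line per Bash binary; a non-zero exit status means at least one of them still needs the vendor patch.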


The Bash bug could very well outrun Heartbleed, which affected around 500,000 machines. It could also remain a threat for a while, considering Shellshock's deep systemic roots. Cyber security expert Joe Hancock expressed his “concern for potential attacks on home broadband routers and controllers used to manage critical infrastructure facilities”. Hancock goes on to say, “In some areas this will be a challenge to fix, as many embedded devices are not designed with regular updates in mind and will never be able to be patched”. Therefore, as far as what we can do at home, a good rule of thumb is to stay current on updates from technology manufacturers, especially for routers. The coming weeks and months will reveal more information regarding who is vulnerable.
