A program that comes pre-installed on
Hackers would gain access to everything on the computer, such as "sensitive information, confidential information, intellectual property, customer data, financial data – the list goes on – including the ability to make changes," Kyle Kennedy, chief technology officer at data security firm STEALTHbits Technologies, said in a statement.
The affected program, Bash, is rarely used by anyone other computer programmers. It allows users to write coded text commands that translate to actions on the computer, from simple things like deleting files to complex tasks like changing network set-ups. But many other pieces of software use Bash in the background, often without the computer user realizing.
Bash is known as a "shell program," spawning the name "Shellshock" for the bug.
Operating systems based off
Cable boxes, routers and other Internet-connected devices also run Bash, said Chris Stoneff, director of professional services at Lieberman Software. The breadth of devices vulnerable makes the bug a juicy target for hackers, he and others said.
The security firm Bitdefender said it had already seen attacks against Internet servers on Thursday, noting that the threat usually involves an automated program that tries to sneak in a malicious command to the server.
Some experts recommended encrypting sensitive files as a precaution.