The trigger lies in old Shell Shock, and apparently has been lurking in the Bash shell for years.
It allows attackers to run deep-level shell commands after exploiting the flaw, even as certain services and applications allow remote unauthenticated attackers to provide environment variables. An attacker could override or bypass environment restrictions to execute shell commands.
The true danger lies in the fact that a larger chunk of the web-connected devices, servers, and other web-service infrastructures run on Linux distributions equipped with the Bash shell, though many embedded devices don't actually use it. However, its direct impact appears somewhat slim if you apply standard security precautions.
Red Hat has promptly released a patch for its Linux distributions, albeit the patch is incomplete, and vendors like Akamai have issued advice on how to mitigate the problem. Meanwhile, Apple is yet to issue a fix for Mac OS X.
Sign up here with your email