At any given time, we should expect for one per cent of high-urgency vulnerabilities to be actively exploited while 56 percent of all OpenSSL versions are still vulnerable to Heartbleed," Dabboussi continued.
According to industry estimates, about 300,000 website owners have not been able to fix Heartbleed even after eight months of the vulnerability being widely reported and fixed.
While the long-term impact of Shellshock remains undetermined, Gula believes it surpasses Heartbleed in severity due in part to detection difficulty.
Given that the flaw has been around for more than ten years, almost all Linux and Unix machines running will be vulnerable and this could have a bigger impact than Heartbleed which we saw earlier this year," said Wolfgang Kandek, chief technical officer for Qualys, Inc.
, which was quite hard to exploit properly, Shellshock can be exploited with just a couple of lines of code, giving just about anyone the ability to run arbitrary code on an affected computer.
Shellshock's impact could be far worse than the Heartbleed bug earlier this year.
With the cloud comes questions about data security, and never were those questions louder or more urgent than this past spring when the Heartbleed bug hit the headlines.
bug, which may have affected more than 500,000 PCs and mobile devices, enabled attackers to steal secure data and pose as genuine users, for instance.
According to the Internet research firm Netcraft, an estimated number of 500,000 foreign websites could have been affected by Heartbleed
vulnerability leaves no trace and it is still not known what data was stolen and in what volumes.
Of the three flaws, Heartbleed was by far the most significant.
And concerns about security may be ramped up in the wake of the recently discovered Heartbleed security hole in OpenSSL.