Researchers from Google have discovered a serious, seven-year-old vulnerability in code used by hundreds of thousands of apps and devices, the BBC reports.
It affects “glibc” — a library of open-source code. Hackers could exploit the bug to crash or take control of services that make use of glibc. Google researchers say they have found that “remote code execution is possible, but not straightforward.”
To avoid helping potential attackers, researchers are not providing the code they used to exploit the bug.
As it happens, Google wasn’t the only company looking at the bug. In a blog post, Google researchers say that the bug was flagged up to the maintainers of the glibc code back in 2015 — and that security researchers at Red Hat were also investigating it.
Researchers have now produced a patch that fixes the issue. People who develop products that use the vulnerable code now need to roll out the patch.
Professor Alan Woodward at the University of Surrey told the BBC: “Many people are running around right now trying to work out if this is truly catastrophic or whether we have dodged a bullet.” But as Ars Technica’s Dan Goodin points out, the fact it went unpatched for seven years — and was discovered by multiple groups — means it’s not unfathomable that it has been discovered and exploited by malicious third parties.