The software security flaw, dubbed Shellshock common in home computers and web servers could allow hackers to access personal data, the Information Commissioner's Office (ICO) has warned.
The bug, which started making headlines last week, was found in a software component called Bash, which is used in many Linux systems and Apple Macs using the OS X operating system and could allow vulnerable computers to be controlled remotely.
The ICO, set up to enforce data protection laws, urged individuals and businesses to install the latest security updates on their IT systems.
"This flaw could be allowing criminals to access personal data held on computers or other devices," an ICO spokesman said.
For businesses, that should be ringing real alarm bells, because they have legal obligations to keep personal information secure.
"The worst thing would be to think this issue sounds too complicated - businesses need to be aware of this flaw and need to be monitoring what they can do to address it. Ignoring the problem could leave them open to a serious data breach and ultimately, enforcement action.
"And for people who are concerned their personal information could be at risk on their own devices, the message is clear. Don't think this all sounds too complicated. Security updates are currently being rolled out - don't ignore them, but make sure you apply them as soon as practically possible."
CERT-UK, the country's Computer Emergency Response Team set up in March this year under the National Cyber Security Strategy, has issued an alert.
The organisation suggested Shellshock could pose a bigger threat than the Heartbleed bug, which exposed passwords to hackers and was only found earlier this year.
A description of the bug on its website read: "Bash is a standard program installed on most machines running non-Windows operating systems as standard including, but not limited to, Unix, Linux, MacOS and many embedded architecture devices.
"The affected versions go back to Bash 1.14 which was first released in 1995.
"Unlike the Heartbleed vulnerability which affected only openssl (an additional program that only certain users actually implemented), Shellshock is likely to affect a much wider community."
Share
