A new computer bug has put hundreds of millions of computers at risk, leaving the “door wide open” for hackers.

The bug — dubbed Shellshock — has been found in a software component called Bash — a part of many Linux systems as well as Apple’s Mac OS operating system.

Shellshock can be used to take control of any system using Bash — Bourne-Again SHell.

Stephen Davidson, head of product development at Bermuda-based cyber security experts QuoVadis, said: “The potential for abuse with the Shellshock vulnerability is enormous.

“Getting SHell is a major win for an attacker because of the control it offers them over the target environment.

“They have wide options from access to internal data to reconfiguration of environments, to publication of their own malicious code.”

The US Department of Homeland Security’s computer emergency readiness team (CERT) has already rated Shellshock a ten out of ten threat — the maximum severity rating.

Bash is a command prompt on many Unix computers — an operating system used to build other systems like Linux and Mac OS.

Mr Davidson added: “It’s not a geographic thing — it’s the internet. Bermuda is as vulnerable as anywhere else.”

And he predicted: “It’s certain that malware will quickly become available to automate attacks on the Shellshock vulnerability.”

Mr Davidson warned: “Fixing the issue is complex to deal with — the best advice is to watch for security updates, particularly on OS X and providers of devices that you have that run embedded software.

“At the same time, consumers should be cautious of e-mails requesting information or instructing them to run software — events like this are often followed by phishing scams that take advantage of users’ fears.”

Mr Davidson explained that Bash is used for a wide range of functions — ranging from configuring websites to controlling embedded software on a device like a webcam or router.

The functions are not designed to be open — but Shellshock creates a door allowing a remote attacker to take control.

Shellshock is rated as far more serious than the Heartbleed bug which was discovered in April.

And the problem has been compounded because many web servers are run using the Apache system — software which includes the Bash component.

Professor Alan Woodward, a security researcher at the UK’s University of Surrey, said: “Whereas something like Heartbleed was all about sniffing what was going on, this was about giving you direct access to the system.

“The door’s wide open.”

CERT has already recommended that systems administrators should apply computer to apply patches to close the loophole.

But some experts said that the patches were not a full fix and would not restore full security.

Google security researcher Tavis Ormandy on Twitter said patches seemed “incomplete”.

Chris Wysopal, chief technology officer at security software maker Veracode, said: “That means some systems could be exploited even though they are patched.”

He added: “Everybody is scrambling to patch all of their internet-facing Linux machines — that is what we did at Veracode today.”

But he said: “It could take a long time to get that dome for very large organisations with complex networks.”

Prof Woodward said that home computer users should monitor manufacturers’ websites for updates — particularly for hardware like broadband routers.