US regulators warn banks over 'shellshock' bug which affects Bash, Oracle products
A group of top US financial regulators urged banks to quickly fix their software to protect it against the 'Shellshock' computer bug, saying it could expose them to fraud.tech Updated: Sep 27, 2014 10:35 IST
A group of top US financial regulators urged banks to quickly fix their software to protect it against the "Shellshock" computer bug, saying it could expose them to fraud.
Shellshock is a newly emerged major Internet threat that affects a common software tool found in many operating systems known as Bash, or Bourne-again Shell.
"The pervasive use of Bash and the potential for this vulnerability to be automated presents a material risk," the Federal Financial Institutions Examinations Council said.
The FFIEC is an interagency body that can prescribe common standards for banks that includes the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and others.
The banks should identify all their systems that use Bash and update them, and should also check third-party software, the group of regulators said.
Oracle Corp warned customers that more than 30 products are vulnerable to the "Shellshock" bug, including its high-end Exadata computer systems.
Oracle said it has only prepared fixes to address the Shellshock vulnerability in two products, the Oracle Linux and Solaris operating systems.