Oracle has released security updates to address BASH bug vulnerabilities found across multiple products. However, Oracle also included in its announcement a list of 42 Oracle products that remain vulnerable to Shellshock, with 17 more still under investigation.
The so called Shellshock bug is a fault in the BASH command interpreter used with Unix variants to execute commands. A hacker could exploit the bug to execute harmful commands and possibly take control of the system. Machines controlled by hackers are used to form botnets, criminal networks that spread spam and malware.
Unix variant operating systems including Linux, MAC OS X and Android. Windows systems are not vulnerable and Android devices are believed to be only vulnerable if a server they connect to is infected first. Because of the widespread use of Unix variants and related systems, the Information Technology community has reacted strongly to the bug. Oracle’s release indicates progress, but much work needs to done.
Apple announced patches for it Mac OS X earlier in the week to deal with Shellshock. Apple has asserted that their users were not vulnerable to the BASH bug if they retain their default configuration.