WASHINGTON (Reuters) - A group of top U.S. financial regulators urged banks to quickly fix their software to protect it against the “Shellshock” computer bug, saying it could expose them to fraud.
Shellshock is a newly emerged major Internet threat that affects a common software tool found in many operating systems known as Bash, or Bourne-again Shell.
“The pervasive use of Bash and the potential for this vulnerability to be automated presents a material risk,” the Federal Financial Institutions Examinations Council said.
The FFIEC is an interagency body that can prescribe common standards for banks that includes the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and others.
The banks should identify all their systems that use Bash and update them, and should also check third-party software, the group of regulators said.
Reporting by Douwe Miedema; Editing by David Gregorio