VMware, the reputable computer virtualization software provider, released patches for some of the VMware products, aiming to help the virtual appliances affected by the Bash command-line tool security flaw Shellshock. Fixes are still to be offered to other solutions.
On the last day of September, VMware company listed 23 products as still vulnerable to the Shell stock bug but are yet to get a patch. For some other VMWare products like ESX Hypervisor for example, updates are available.
The malware specialists confirmed that ESXi has not been affected by the Shellshock flaws, as it relies on Ash shell tool and it is not affected by the bug. The VMware experts further inform their clients that the Windows-based products and the vCenter Server which is running on Windows are also not impacted by the Shellshock bug.
The malware specialists state that the products of the company which are running on systems with Bash, including Android, Linux, iOS and OSX, can be exploited in case the shell version is vulnerable.
The VMware malware researchers recommend users to restrict the access to appliances through firewall rules and other network layer controls to only trusted IP addresses in order to reduce the risk. The users are further advised to outspread any patches that are available for the affected products.
