The U.S. Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security (DHS), recently released a security advisory about a serious vulnerability (CVE-2014-6271) widely known as Shellshock, which is similar in severity to the Heartbleed vulnerability from April 2014. The bug was uncovered in the Bash command-line interpreter (also known as a "shell") widely distributed in many computer operating systems including Linux, Unix, Berkeley Software Distribution (BSD) and Apple OS X, and on some Microsoft® Windows and Android systems.
We have determined that the safety and security of our manufactured medical devices are not at risk by the Shellshock vulnerability. BD takes product safety and security—along with all information security matters—very seriously. Once we become aware of any vulnerability, we take immediate steps to investigate potential risks to our products and our customer-facing websites and related services.
We continue to monitor and investigate the situation and, as of October 3rd, can confirm that these customer-facing products and systems are secure from the Shellshock vulnerability:
BD continues to investigate the matter and monitor the situation closely. We will update this page with additional, relevant information as it becomes available.