Huge Oracle Patch

Thursday, January 19, 2017 @ 04:01 PM gHale


Just like some of the other major vendors that released patches this past week, Oracle released its first Critical Patch Update this year.

The difference this time around is Oracle’s release was huge compared to the others.

Oracle’s release takes care of 270 vulnerabilities across multiple products, and over 100 of them are remotely exploitable by unauthenticated attackers.

The entire list of affected products and components is long, and Oracle advises users of all of them to implement the updates as soon as possible.

The focus has shifted from Database and Java SE to critical business applications.

Other hefty updates in this CPU include those for Oracle Financial Services Applications (37 vulnerabilities), Oracle MySQL (27), Oracle Fusion Middleware (18), and Oracle Java SE (17, of which 16 are remotely exploitable).

Cisco Talos also released details about two patched RCE vulnerabilities researcher Aleksandar Nikolic unearthed in Oracle Outside In Technology (OIT), a set of SDKs that software developers can use to perform various actions against a large number of different file formats.

The number of fixed issues is not the largest an Oracle CPU has ever delivered, but of the last five (since January 2016), four have passed the 240-mark.


