Oracle Patches 89 Vulnerabilities In Sizeable Update
Oracle squashes a lot of bugs but one researcher says company’s security practices “are simply not working”
Oracle has released a sizeable Critical Patch Update with 89 flaws fixed, almost half of which could have allowed for remote access of machines.
More than 40 percent of flaws addressed allow for remote access, with the Oracle database having four such vulnerabilities.
Oracle’s MySQL database has 18 vulnerabilities covered, two of which are remotely accessible. There are 16 fixes for products in the Oracle Sun line, eight of which could lead to remote exploitation.
Many Oracle flaws
Fusion Middleware was riddled with flaws two, with 21 vulnerabilities, 16 of which can be exploited by external malicious hackers.
A total of 18 different researchers were credited for helping find flaws and onlookers are getting concerned at the high number of security holes appearing in Oracle products.
“The constant drumbeat of critical Oracle patches is more than a little alarming particularly because the vulnerabilities are frequently reported by 3rd parties who presumably do not have access to full source code,” said Craig Young, security researcher at Tripwire.
“It’s also noteworthy that there every Oracle CPU release this year has plugged dozens of vulnerabilities.
“By my count, Oracle has already acknowledged and fixed 343 security issues in 2013. In case there was any doubt, this should be a big red flag to end users that Oracle’s security practices are simply not working.”
You can find Oracle’s update in full here.
What do you know about Internet security? Find out with our quiz!