Oracle Issues Mammoth 88 Vulnerability Patch

Oracle pushed out a massive patch update today, covering 88 vulnerabilities across 30 products.

The fixes include six for Oracle Database Server, three of which may be remotely exploitable without authentication, and another 11 for Fusion Middleware, nine of which could be exploited without the need for a username and password.

A number of the Fusion Middleware security holes scored the maximum CVSS Base Score for vulnerabilities of 10.0.

There are 15 new security fixes for the Oracle Sun Products Suite, five of which could be remotely exploited without the need for a username or password.

Remote control

A total of 33 flaws were classed as remote code execution (RCE) vulnerabilities.

“Compare this to last quarter’s release, which had 16 RCEs in 78 patches. Of the mainstream software lines, only MySQL and the Siebel Clinic product are not affected by the RCE type vulnerabilities; system administrators and users of all other software lines should be prepared to review the release with care next Tuesday,” noted Qualys CTO, Wolfgang Kandek, in a blog post.

Oracle will not be issuing an update for Java, as the enterprise tech giant manages it on a separate schedule. The company last issued an update for Java in February, but it did not release a patch for the Mac version.

This led cyber criminals to exploit the vulnerabilities using variants of the Flashback Trojan, compromising as many as 650,000 machines. That number has now been drastically reduced, thanks to efforts from the security community and various Java updates from Apple itself.

Earlier this week, it emerged another Mac OS Trojan, known as SabPub, was exploiting Java vulnerabilities just as Flashback was.

How much do you know about security? Test yourself with our quiz!