Oracle Issues Mammoth 88 Vulnerability Patch

Oracle pushed out a massive patch update today, covering 88 vulnerabilities across 30 products.

The fixes include six for Oracle Database Server, three of which may be remotely exploitable without authentication, and another 11 for Fusion Middleware, nine of which could be exploited without the need for a username and password.

A number of the Fusion Middleware security holes scored the maximum CVSS Base Score for vulnerabilities of 10.0.

There are 15 new security fixes for the Oracle Sun Products Suite, five of which could be remotely exploited without the need for a username or password.

Remote control

A total of 33 flaws were classed as remote code execution (RCE) vulnerabilities.

“Compare this to last quarter’s release, which had 16 RCEs in 78 patches. Of the mainstream software lines, only MySQL and the Siebel Clinic product are not affected by the RCE type vulnerabilities; system administrators and users of all other software lines should be prepared to review the release with care next Tuesday,” noted Qualys CTO, Wolfgang Kandek, in a blog post.

Oracle will not be issuing an update for Java, as the enterprise tech giant manages it on a separate schedule. The company last issued an update for Java in February, but it did not release a patch for the Mac version.

This led cyber criminals to exploit the vulnerabilities using variants of the Flashback Trojan, compromising as many as 650,000 machines. That number has now been drastically reduced, thanks to efforts from the security community and various Java updates from Apple itself.

Earlier this week, it emerged another Mac OS Trojan, known as SabPub, was exploiting Java vulnerabilities just as Flashback was.

How much do you know about security? Test yourself with our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

15 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

18 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

19 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

20 hours ago