Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Oracle Has Fixed 270 Security Flaws in Its Products

Oracle’s first quarterly critical dose of patches has been released. Customers are compelled to apply all of the 270 fixes to the corresponding products.

Oracle Has Issued 270 Fixes

The vast update includes products like Oracle Database Server, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Industry Applications, Oracle Fusion Middleware, Oracle Sun Products, Oracle Java SE, and Oracle MySQL. The big number should not scare you – last July the critical bunch contained 276 fixes. All customers should consider applying the updates immediately, “without delay”. It’s a largely known fact that attacks happen successfully because targets had failed to apply patches on time.

According to security experts at Qualys, more than 100 of the fixed issues in the update could be used in remote attacks, without the need of credentials.

More particularly, the updates for Oracle’s FLEXCUBE financial applications comprise 20 percent of the bunch, alongside updates for Oracle Applications, Fusion Middleware, MySQL, and Java. Other significant updates concern Oracle retail apps and PeopleSoft. 16 out of the 17 Java flaws could be exploited remotely without user credentials. Five of the 27 MySQL bugs are also prone to remote exploitation.

MySQL has the highest number of CVE vulnerabilities for the past five years. There’s a steady growth in those flaws between 2015 and 2016, the company has reported. There are fixes for Oracle’s retail apps, such as one for MICROS, the well-known POS systems. More precisely, a bug in the MICROS Lucas system (one of two) doesn’t require authentication and could be exploited remotely via the Web. The other remote bug concerns Oracle Retail Order Broker.

That’s not that surprising at all as PoS systems have become primary targets for PoS for specifically designed malware attacks aiming at credit cards.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.