Home > Cyber News > Oracle Has Fixed 270 Security Flaws in Its Products
CYBER NEWS

Oracle Has Fixed 270 Security Flaws in Its Products

by   |  Last Update:  |  0 Comments  

Oracle’s first quarterly critical dose of patches has been released. Customers are compelled to apply all of the 270 fixes to the corresponding products.

Oracle Has Issued 270 Fixes

The vast update includes products like Oracle Database Server, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Industry Applications, Oracle Fusion Middleware, Oracle Sun Products, Oracle Java SE, and Oracle MySQL. The big number should not scare you – last July the critical bunch contained 276 fixes. All customers should consider applying the updates immediately, “without delay”. It’s a largely known fact that attacks happen successfully because targets had failed to apply patches on time.

According to security experts at Qualys, more than 100 of the fixed issues in the update could be used in remote attacks, without the need of credentials.

More particularly, the updates for Oracle’s FLEXCUBE financial applications comprise 20 percent of the bunch, alongside updates for Oracle Applications, Fusion Middleware, MySQL, and Java. Other significant updates concern Oracle retail apps and PeopleSoft. 16 out of the 17 Java flaws could be exploited remotely without user credentials. Five of the 27 MySQL bugs are also prone to remote exploitation.

MySQL has the highest number of CVE vulnerabilities for the past five years. There’s a steady growth in those flaws between 2015 and 2016, the company has reported. There are fixes for Oracle’s retail apps, such as one for MICROS, the well-known POS systems. More precisely, a bug in the MICROS Lucas system (one of two) doesn’t require authentication and could be exploited remotely via the Web. The other remote bug concerns Oracle Retail Order Broker.

That’s not that surprising at all as PoS systems have become primary targets for PoS for specifically designed malware attacks aiming at credit cards.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Oracle Fixes CVE-2017-3622, 298 Security Flaws in April 2017’s Advisory Oracle has just issued a patch addressing a whole lot...
  2. Oracle Patches 342 Flaws, Most Critical of Which Is CVE-2019-2729 in Oracle WebLogic Server New Oracle WebLogic Server vulnerabilities were just reported with the...
  3. Google Versus Oracle Over Android API. Google 1: Oracle 0 Have you heard of the lawsuit between Google and Oracle?...
  4. CVE-2018-3110: Critical Vulnerability in Oracle Database Disclosed Another day, another vulnerability that needs to be patched as...
  5. MalumPos RAM Scraper Attacks Oracle Micros PoS Systems Researchers at TrendMicro have discovered MalumPoS – an attack tool...
  6. Retail Product Zone Gift Card Scam – How to Remove Retail Product Zone or retailproductzone.com is a website that is...
  7. Vulnerabilities in Verifone and Ingenico PoS Devices Could Enable Hackers to Steal and Clone Credit Cards Security researchers Aleksei Stennikov and Timur Yunusov recently unearthed vulnerabilities...
  8. .java Files Virus (Dharma Ransomware) – Remove and Restore Files This article aims to help you remove the newly discovered...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree