Oracle Has Fixed 270 Security Flaws in Its Products - How to, Technology and PC Security Forum |

Oracle Has Fixed 270 Security Flaws in Its Products

Oracle’s first quarterly critical dose of patches has been released. Customers are compelled to apply all of the 270 fixes to the corresponding products.

Oracle Has Issued 270 Fixes

The vast update includes products like Oracle Database Server, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite, Oracle Industry Applications, Oracle Fusion Middleware, Oracle Sun Products, Oracle Java SE, and Oracle MySQL. The big number should not scare you – last July the critical bunch contained 276 fixes. All customers should consider applying the updates immediately, “without delay”. It’s a largely known fact that attacks happen successfully because targets had failed to apply patches on time.

According to security experts at Qualys, more than 100 of the fixed issues in the update could be used in remote attacks, without the need of credentials.

More particularly, the updates for Oracle’s FLEXCUBE financial applications comprise 20 percent of the bunch, alongside updates for Oracle Applications, Fusion Middleware, MySQL, and Java. Other significant updates concern Oracle retail apps and PeopleSoft. 16 out of the 17 Java flaws could be exploited remotely without user credentials. Five of the 27 MySQL bugs are also prone to remote exploitation.

MySQL has the highest number of CVE vulnerabilities for the past five years. There’s a steady growth in those flaws between 2015 and 2016, the company has reported. There are fixes for Oracle’s retail apps, such as one for MICROS, the well-known POS systems. More precisely, a bug in the MICROS Lucas system (one of two) doesn’t require authentication and could be exploited remotely via the Web. The other remote bug concerns Oracle Retail Order Broker.

That’s not that surprising at all as PoS systems have become primary targets for PoS for specifically designed malware attacks aiming at credit cards.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.