Aerosol Posted January 20, 2015 Report Share Posted January 20, 2015 Oracle has released a critical patch update fixing 167 vulnerabilities across hundreds of its products, warning that the worst of them could be remotely exploited by hackers.The pressing fixes involve several of Oracle's most widely used products and scored a full 10.0 rating on the CVSS 2.0 Base Score for vulnerabilities, the highest score available."The highest CVSS 2.0 Base Score for vulnerabilities in this critical patch update is 10.0 for Fujitsu M10-1 of Oracle Sun Systems Products Suite, Java SE of Oracle Java SE, M10-4 of Oracle Sun Systems Products Suite and M10-4S Servers of Oracle Sun Systems Products Suite," read the advisory."Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply critical patch update fixes as soon as possible."Oracle warned that the updates for Fujitsu M10-1 of Oracle Sun Systems Products Suite are particularly important."This critical patch update contains 29 new security fixes for the Oracle Sun Systems Products Suite," the advisory said."Ten of these vulnerabilities may be remotely exploitable without authentication [and] may be exploited over a network without the need for a username and password."The Oracle Java SE update fixes 19 flaws, 14 of which were also remotely exploitable.The next most serious flaws relate to Oracle's Fusion Middleware, which received 35 security fixes. The worst carries a 9.3 rating and could also be remotely exploited.The update follows reports that hackers are targeting enterprise companies with malware-laden patches purporting to come from Oracle.The news comes during a period of heated debate about patching best practice. Microsoft announced plans on 9 January to stop offering non-paying customers advanced patch notifications.The announcement led to a backlash in the security community, many feeling that the move is a money-grabbing tactic by Microsoft.Prior to the move, Microsoft came to blows with Google over the search firm's public disclosure of a Windows bug.Google Project Zero researchers publicly disclosed the bug in December 2014 having privately reported it to Microsoft in September. The move led to a debate about what constitutes responsible threat disclosure.Source Quote Link to comment Share on other sites More sharing options...
Nytro Posted January 20, 2015 Report Share Posted January 20, 2015 "The Oracle Java SE update fixes 19 flaws, 14 of which were also remotely exploitable."Clasic. Quote Link to comment Share on other sites More sharing options...
