Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches ‘without delay.’
Tuesday’s critical patch update (CPU) is Oracle’s first since news of the Equifax breach and of serious vulnerabilities in the widely used WPA2 WiFi security protocol, and separately, in numerous products featuring a particular crypto chipset from Infineon.
In its patch availability announcement, Oracle did not specifically call out these incidents as heightening the urgency for organizations to apply its CPU’s more promptly. Instead as it usually does, Oracle more generally cautioned customers about periodic reports it receives about intruders successfully breaking into organizations by exploiting vulnerabilities for which the company has already issued patches.
“Oracle therefore strongly recommends that customers remain on actively supported versions and apply Critical Patch Update fixes without delay,” the company noted.
Big as October’s CPU is, it is actually smaller than Oracle’s last one in July when the company announced fixes for 310 flaws and the one before in April that involved patches for 300 vulnerabilities.
Commenting on the security update, application security vendor Waratek said the CPU contains fixes for bugs in the Java Virtual Machine and five additional components in Oracle’s Database Server. Two of the patched flaws are remotely exploitable without the need for any credentials.
Read the full article at Dark Reading here.